DSA-2548-1 tor -- several
ID: oval:org.secpod.oval:def:600888 | Date: (C)2012-09-22 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Tor, an online privacy tool.

CVE-2012-3518: Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote, resulting in denial of service.

CVE-2012-3519: Try to leak less information about what relays a client is choosing to a side-channel attacker.

CVE-2012-4419: By providing specially crafted date strings to a victim tor instance, an attacker can cause it to run into an assertion and shut down.

Additionally, the update to stable includes the following fixes:

- When waiting for a client to renegotiate, don't allow it to add any bytes to the input buffer. This fixes a potential DoS issue [tor-5934, tor-6007].