CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score Confidence: Low
EPSS Percentile: 91.9%
Debian Security Advisory DSA-2548-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
September 13, 2012 http://www.debian.org/security/faq
Package : tor
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-3518 CVE-2012-3519 CVE-2012-4419
Several vulnerabilities have been discovered in Tor, an online privacy
tool.
CVE-2012-3518
Avoid an uninitialised memory read when reading a vote or consensus
document that has an unrecognized flavour name. This could lead to
a remote crash, resulting in denial of service.
CVE-2012-3519
Try to leak less information about what relays a client is choosing to
a side-channel attacker.
CVE-2012-4419
By providing specially crafted date strings to a victim tor instance,
an attacker can cause it to run into an assertion and shut down.
Additionally the update to stable includes the following fixes:
For the stable distribution (squeeze), these problems have been fixed in
version 0.2.2.39-1.
For the unstable distribution, these problems have been fixed in version
0.2.3.22-rc-1.
We recommend that you upgrade your tor packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | armel | tor-dbg | < 0.2.2.39-1 | tor-dbg_0.2.2.39-1_armel.deb |
Debian | 6 | amd64 | tor-dbg | < 0.2.2.39-1 | tor-dbg_0.2.2.39-1_amd64.deb |
Debian | 6 | mips | tor | < 0.2.2.39-1 | tor_0.2.2.39-1_mips.deb |
Debian | 6 | mipsel | tor | < 0.2.2.39-1 | tor_0.2.2.39-1_mipsel.deb |
Debian | 6 | kfreebsd-amd64 | tor | < 0.2.2.39-1 | tor_0.2.2.39-1_kfreebsd-amd64.deb |
Debian | 6 | ia64 | tor-dbg | < 0.2.2.39-1 | tor-dbg_0.2.2.39-1_ia64.deb |
Debian | 6 | sparc | tor-dbg | < 0.2.2.39-1 | tor-dbg_0.2.2.39-1_sparc.deb |
Debian | 6 | powerpc | tor-dbg | < 0.2.2.39-1 | tor-dbg_0.2.2.39-1_powerpc.deb |
Debian | 6 | all | tor | < 0.2.2.39-1 | tor_0.2.2.39-1_all.deb |
Debian | 6 | kfreebsd-amd64 | tor-dbg | < 0.2.2.39-1 | tor-dbg_0.2.2.39-1_kfreebsd-amd64.deb |