CVE-2009-2425, CVE-2009-2426


Debian Bug report logs - #537148


Package: tor; Maintainer for tor is Peter Palfrader <weasel@debian.org>; Source for tor is src:tor.

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Wed, 15 Jul 2009 14:12:02 UTC

Severity: important

Tags: lenny, security

Found in version tor/0.2.0.34-1

Fixed in version tor/0.2.0.35-1~lenny1

Done: Peter Palfrader <weasel@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Peter Palfrader <weasel@debian.org>:
Bug#537148; Package tor. (Wed, 15 Jul 2009 14:12:08 GMT)


Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Peter Palfrader <weasel@debian.org>. (Wed, 15 Jul 2009 14:12:09 GMT)


Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-2425, CVE-2009-2426
Date: Wed, 15 Jul 2009 15:59:51 +0200
Package: tor
Version: 0.2.0.34-1
Severity: important
Tags: security lenny


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for tor.

CVE-2009-2425[0]:
| Tor before 0.2.0.35 allows remote attackers to cause a denial of
| service (application crash) via a malformed router descriptor.

CVE-2009-2426[1]:
| The connection_edge_process_relay_cell_not_open function in
| src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before
| 0.1.2.8-beta allows exit relays to have an unspecified impact by
| causing controllers to accept DNS responses that redirect to an
| internal IP address via unknown vectors.  NOTE: some of these details
| are obtained from third party information.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2425
    http://security-tracker.debian.net/tracker/CVE-2009-2425
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2426
    http://security-tracker.debian.net/tracker/CVE-2009-2426


Cheers,
Giuseppe

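The controller-facing check behind CVE-2009-2426 above, as an added C illustration that is not Tor's own code and not a copy of the upstream fix: a RESOLVED answer returned by an exit relay is rejected before it reaches a controller if it falls in an internal address range. The helper names, the parser and the chosen ranges (RFC 1918, loopback, link-local, 0.0.0.0/8) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not Tor's code: an IPv4 address (host byte order)
 * is "internal" when it lies in a range an exit relay should never
 * legitimately return as the answer to a client's resolve request. */
static int in_range(uint32_t a, uint32_t net, int prefix) {
    uint32_t mask = prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
    return (a & mask) == (net & mask);
}

int is_internal_ipv4(uint32_t a) {
    return in_range(a, 0x00000000u, 8)   /* 0.0.0.0/8, "this" network  */
        || in_range(a, 0x0A000000u, 8)   /* 10.0.0.0/8, RFC 1918       */
        || in_range(a, 0x7F000000u, 8)   /* 127.0.0.0/8, loopback      */
        || in_range(a, 0xA9FE0000u, 16)  /* 169.254.0.0/16, link-local */
        || in_range(a, 0xAC100000u, 12)  /* 172.16.0.0/12, RFC 1918    */
        || in_range(a, 0xC0A80000u, 16); /* 192.168.0.0/16, RFC 1918   */
}

/* Parse a dotted quad strictly: four octets, each 0..255, nothing after. */
static int parse_ipv4(const char *s, uint32_t *out) {
    unsigned o[4]; char trailing;
    if (sscanf(s, "%u.%u.%u.%u%c", &o[0], &o[1], &o[2], &o[3], &trailing) != 4)
        return 0;
    for (int i = 0; i < 4; i++) if (o[i] > 255) return 0;
    *out = ((uint32_t)o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3];
    return 1;
}

/* Decide whether a RESOLVED answer from an exit may be reported to a
 * controller: 1 = accept, 0 = reject; a short reason is written to `reason`. */
int accept_resolved_ipv4(const char *dotted, char *reason, size_t n) {
    uint32_t a;
    if (!parse_ipv4(dotted, &a)) {
        snprintf(reason, n, "malformed answer");
        return 0;
    }
    if (is_internal_ipv4(a)) {
        snprintf(reason, n, "internal address from exit");
        return 0;
    }
    snprintf(reason, n, "ok");
    return 1;
}
```

With constructed inputs, `accept_resolved_ipv4("172.31.0.1", r, sizeof r)` returns 0 with reason "internal address from exit", while a public address such as "93.184.216.34" returns 1.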




Bug no longer marked as found in version 0.2.0.35-1. Request was from Peter Palfrader <weasel@debian.org> to control@bugs.debian.org. (Wed, 15 Jul 2009 18:12:02 GMT)


Reply sent to Peter Palfrader <weasel@debian.org>:
You have taken responsibility. (Fri, 24 Jul 2009 14:18:06 GMT)


Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Fri, 24 Jul 2009 14:18:06 GMT)


Message #12 received at 537148-close@bugs.debian.org:

From: Peter Palfrader <weasel@debian.org>
To: 537148-close@bugs.debian.org
Subject: Bug#537148: fixed in tor 0.2.0.35-1~lenny1
Date: Fri, 24 Jul 2009 13:55:07 +0000
Source: tor
Source-Version: 0.2.0.35-1~lenny1

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive:

tor-dbg_0.2.0.35-1~lenny1_i386.deb
  to pool/main/t/tor/tor-dbg_0.2.0.35-1~lenny1_i386.deb
tor-geoipdb_0.2.0.35-1~lenny1_all.deb
  to pool/main/t/tor/tor-geoipdb_0.2.0.35-1~lenny1_all.deb
tor_0.2.0.35-1~lenny1.diff.gz
  to pool/main/t/tor/tor_0.2.0.35-1~lenny1.diff.gz
tor_0.2.0.35-1~lenny1.dsc
  to pool/main/t/tor/tor_0.2.0.35-1~lenny1.dsc
tor_0.2.0.35-1~lenny1_i386.deb
  to pool/main/t/tor/tor_0.2.0.35-1~lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537148@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader <weasel@debian.org> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 16 Jul 2009 20:22:28 +0200
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all i386
Version: 0.2.0.35-1~lenny1
Distribution: stable
Urgency: low
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Closes: 537148
Changes: 
 tor (0.2.0.35-1~lenny1) stable; urgency=low
 .
   * Upload to stable in coordination with SRM (luk).
   * New upstream version:
     o security fixes:
       - Avoid crashing in the presence of certain malformed descriptors
         (CVE-2009-2425).
       - Fix an edge case where a malicious exit relay could convince a
         controller that the client's DNS question resolves to an internal IP
         address (CVE-2009-2426).
       - closes: #537148 (both issues above).
     o bugfixes:
       - Finally fix the bug where dynamic-IP relays disappear when their
         IP address changes.
       - Fix a DNS-related crash bug (apparently depending on everything
         but the phase of the moon).
       - Fix a memory leak when starting with a cache over a few days old.
       - Hidden service clients didn't use a cached service descriptor that
         was older than 15 minutes, but wouldn't fetch a new one either.
     [More details are in the upstream changelog.]






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 24 Aug 2009 07:43:07 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:21:57 2019
