Bug 22690

Summary: tor new security issues CVE-2018-0490 and CVE-2018-0491
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: jani.valimaa, mageia, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK
Source RPM: tor-0.3.1.9-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2018-03-03 18:04:38 CET 
Upstream has released new versions today (March 3):
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915

The issues are fixed in 0.3.2.10, 0.3.1.10, and 0.2.9.15.

BTW we should have stuck with 0.2.9.x in Cauldron as it is supported through 2020.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-03-03 18:05:11 CET

Whiteboard: (none) => MGA6TOO

Comment 1 Jani Välimaa 2018-03-04 09:05:53 CET 
Pushed 0.3.2.10 to cauldron and 0.2.9.15 to mga6 core/updates_testing.

SRPM/RPM for mga6:
tor-0.2.9.15-1.mga6

Assignee: jani.valimaa => qa-bugs
CC: (none) => jani.valimaa

claire robinson 2018-03-04 13:23:32 CET

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 2 PC LX 2018-03-04 19:57:33 CET 
Installed and tested without issues.

System: Mageia 6, x86_64, Intel CPU.

Tested using firefox, configured to use tor's SOCKS 5 proxy.
Also used vidalia to control tor.

$ uname -a
Linux marte 4.14.20-desktop-1.mga6 #1 SMP Sun Feb 18 01:22:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux                                                                                        $ rpm -q tor
tor-0.2.9.15-1.mga6
$ systemctl status tor
● tor.service - Anonymizing overlay network for TCP
   Loaded: loaded (/usr/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (running) since Dom 2018-03-04 17:42:28 WET; 1h 11min ago
 Main PID: 5974 (tor)
      CPU: 4.380s
   CGroup: /system.slice/tor.service
           └─5974 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc
<SNIP>

Whiteboard: (none) => MGA6-64-OK
CC: (none) => mageia

Comment 3 Lewis Smith 2018-03-06 07:20:21 CET 
Needs advisory, please.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 4 David Walser 2018-03-07 11:45:00 CET 
Advisory:
========================

Updated tor package fix security vulnerabilities:

A protocol-list handling bug that could be used to remotely crash directory
authorities with a null-pointer exception (CVE-2018-0490).

A bug can be remotely triggered in order to crash relays with a use-after-free
pattern (CVE-2018-0491).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0491
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
Lewis Smith 2018-03-07 20:14:12 CET

Keywords: (none) => advisory
CC: lewyssmith => (none)

Comment 5 Mageia Robot 2018-03-07 21:38:23 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0161.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED