Details of a vulnerability fixed upstream have been released today (July 30): http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5117 The issue is fixed in version 0.2.4.23. Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated tor package fixes security vulnerability: Tor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names (CVE-2014-5117). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5117 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5117 https://lists.torproject.org/pipermail/tor-announce/2014-July/000093.html https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack ======================== Updated packages in core/updates_testing: ======================== tor-0.2.4.23-1.mga3 tor-0.2.4.23-1.mga4 from SRPMS: tor-0.2.4.23-1.mga3.src.rpm tor-0.2.4.23-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Debian has issued an advisory for this today (July 31): https://www.debian.org/security/2014/dsa-2993
URL: (none) => http://lwn.net/Vulnerabilities/607283/
Procedure: https://bugs.mageia.org/show_bug.cgi?id=3953#c4
CC: (none) => remiWhiteboard: MGA3TOO => MGA3TOO has_procedure
Testing complete for x64 using Claire's procedure from https://bugs.mageia.org/show_bug.cgi?id=3953#c4: Installed: - tor-0.2.4.23-1.mga4 - lib64tsocks1-1.8-0.beta5.13.mga4.x86_64 - tsocks-1.8-0.beta5.13.mga4.x86_64 [frames@localhost ~]$ tor Aug 02 23:55:48.949 [notice] Tor v0.2.4.23 (git-598c61362f1b3d3e) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1e. Aug 02 23:55:48.949 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Aug 02 23:55:48.949 [notice] Read configuration file "/etc/tor/torrc". Aug 02 23:55:48.951 [notice] Opening Socks listener on 127.0.0.1:9050 Aug 02 23:55:48.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. Aug 02 23:55:48.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Aug 02 23:55:49.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster. Aug 02 23:55:49.000 [notice] We now have enough directory information to build circuits. Aug 02 23:55:49.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Aug 02 23:55:50.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. Aug 02 23:55:51.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Aug 02 23:55:52.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Aug 02 23:55:52.000 [notice] Bootstrapped 100%: Done. No warnings or errors. Installed proxy addon in Firefox and was able to verify Tor connection on https://check.torproject.org/. Also started Tor service: [root@localhost ~]# service tor start Starting tor (via systemctl): [ OK ] Again, went to https://check.torproject.org/ and verified Tor was active. Stopped Tor service: [root@localhost ~]# service tor stop Stopping tor (via systemctl): [ OK ] Stopped successfully. No issues at all.
CC: (none) => markkuehn
Test also successful for i586 using the same procedure, but pulled an extra package than x64 (libevent5-2.0.21-5): - tor-0.2.4.23-1.mga4.i586 - libevent5-2.0.21-5.mga4.i586 - libtsocks1-1.8-0.beta5.13.mga4.i586 - tsocks-1.8-0.beta5.13.mga4.i586 [frames@localhost ~]$ tor Aug 03 00:08:15.349 [notice] Tor v0.2.4.23 (git-598c61362f1b3d3e) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1e. Aug 03 00:08:15.349 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Aug 03 00:08:15.349 [notice] Read configuration file "/etc/tor/torrc". Aug 03 00:08:15.351 [notice] Opening Socks listener on 127.0.0.1:9050 Aug 03 00:08:15.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. Aug 03 00:08:15.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Aug 03 00:08:15.000 [notice] We now have enough directory information to build circuits. Aug 03 00:08:15.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Aug 03 00:08:16.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. Aug 03 00:08:17.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Aug 03 00:08:18.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Aug 03 00:08:18.000 [notice] Bootstrapped 100%: Done. Same procedures the check Tor was enabled as above. All was successful.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure, MGA4-32-OK, MGA4-64-OK
Testing complete mga4 64
Whiteboard: MGA3TOO has_procedure, MGA4-32-OK, MGA4-64-OK => MGA3TOO has_procedure, MGA4-32-OK, MGA4-64-OK mga3-64-ok
mga3 64 even
Testing complete mga3 32 Ready for validating, sorry I don't have time now to do the advisory.
Whiteboard: MGA3TOO has_procedure, MGA4-32-OK, MGA4-64-OK mga3-64-ok => MGA3TOO has_procedure, MGA4-32-OK, MGA4-64-OK mga3-32-ok mga3-64-ok
Advisory uploaded.
Whiteboard: MGA3TOO has_procedure, MGA4-32-OK, MGA4-64-OK mga3-32-ok mga3-64-ok => MGA3TOO has_procedure, MGA4-32-OK, MGA4-64-OK mga3-32-ok mga3-64-ok advisory
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed. http://advisories.mageia.org/MGASA-2014-0312.html
Status: NEW => RESOLVEDCC: (none) => mageiaResolution: (none) => FIXED