22690 – tor new security issues CVE-2018-0490 and CVE-2018-0491

Bug 22690 - tor new security issues CVE-2018-0490 and CVE-2018-0491

Summary: tor new security issues CVE-2018-0490 and CVE-2018-0491

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA6-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2018-03-03 18:04 CET by David Walser
Modified:	2018-03-07 21:38 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	tor-0.3.1.9-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-03-03 18:04:38 CET

Upstream has released new versions today (March 3):
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915

The issues are fixed in 0.3.2.10, 0.3.1.10, and 0.2.9.15.

BTW we should have stuck with 0.2.9.x in Cauldron as it is supported through 2020.

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-03-03 18:05:11 CET

Whiteboard: (none) => MGA6TOO

Comment 1 Jani Välimaa 2018-03-04 09:05:53 CET

Pushed 0.3.2.10 to cauldron and 0.2.9.15 to mga6 core/updates_testing.

SRPM/RPM for mga6:
tor-0.2.9.15-1.mga6

Assignee: jani.valimaa => qa-bugs
CC: (none) => jani.valimaa

claire robinson 2018-03-04 13:23:32 CET

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 2 PC LX 2018-03-04 19:57:33 CET

Installed and tested without issues.

System: Mageia 6, x86_64, Intel CPU.

Tested using firefox, configured to use tor's SOCKS 5 proxy.
Also used vidalia to control tor.

$ uname -a
Linux marte 4.14.20-desktop-1.mga6 #1 SMP Sun Feb 18 01:22:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux                                                                                        $ rpm -q tor
tor-0.2.9.15-1.mga6
$ systemctl status tor
● tor.service - Anonymizing overlay network for TCP
   Loaded: loaded (/usr/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (running) since Dom 2018-03-04 17:42:28 WET; 1h 11min ago
 Main PID: 5974 (tor)
      CPU: 4.380s
   CGroup: /system.slice/tor.service
           └─5974 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc
<SNIP>

Whiteboard: (none) => MGA6-64-OK
CC: (none) => mageia

Comment 3 Lewis Smith 2018-03-06 07:20:21 CET

Needs advisory, please.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 4 David Walser 2018-03-07 11:45:00 CET

Advisory:
========================

Updated tor package fix security vulnerabilities:

A protocol-list handling bug that could be used to remotely crash directory
authorities with a null-pointer exception (CVE-2018-0490).

A bug can be remotely triggered in order to crash relays with a use-after-free
pattern (CVE-2018-0491).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0491
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915

Lewis Smith 2018-03-07 20:14:12 CET

Keywords: (none) => advisory
CC: lewyssmith => (none)

Comment 5 Mageia Robot 2018-03-07 21:38:23 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0161.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.