Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: tor: UAF and NULL pointer dereference crash on Exit relays (TROVE-2023-007) | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Andreas Stieger <Andreas.Stieger> |
| Component: | Security | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | bwiedemann |
| Version: | Leap 15.5 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1225537 | ||

This is an autogenerated message for OBS integration: This bug (1217918) was mentioned in https://build.opensuse.org/request/show/1132318 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / tor

openSUSE-RU-2023:0402-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1217918
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): tor-0.4.8.10-bp155.2.9.1
openSUSE Backports SLE-15-SP4 (src): tor-0.4.8.10-bp154.2.21.1

done

Reopening: Missing in Leap 15.6. Please process incoming submission or fix in Leap 15.6 in your chosen way. (bug 1225537)

As per bug 1225537 now also fixed in Leap 15.6, closing

It was discovered that tor before 0.4.8.10 is affected by an issue (TROVE-2023-007) affecting Exit relays supporting Conflux.

- Improper error propagation from a safety check in conflux leg linking led to a desynchronization of which legs were part of a conflux set, ultimately causing a UAF and NULL pointer dereference crash on Exit relays

References:
https://forum.torproject.org/t/security-release-0-4-8-10/10536
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes