Bugzilla – Bug 1083845
VUL-0: CVE-2018-0490: tor: null-pointer crash in directory authority protocol list code (TROVE-2018-001)
Last modified: 2018-03-08 20:05:36 UTC
The subprotocol implementation in 0.2.9.4-alpha had a bug where an incorrectly formatted relay descriptor could cause directory servers to crash when they tried to vote about it. This does not affect relays or clients, since they do not try to vote.

From https://lists.torproject.org/pipermail/tor-announce/2018-March/000152.html

TROVE-2018-001 only affects directory authorities. It is a bug that an attacker can use to cause a remote directory authority to crash. All directory authorities should upgrade to one of the versions released today. It does not affect relays or clients.

- Fix a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception. Fixes bug 25074; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and CVE-2018-0490.

Fixed in 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0490
https://trac.torproject.org/projects/tor/ticket/25074
submitted
This is an autogenerated message for OBS integration:
This bug (1083845) was mentioned in
https://build.opensuse.org/request/show/582239 Factory / tor
https://build.opensuse.org/request/show/582244 42.3+Backports:SLE-12 / tor
done
openSUSE-SU-2018:0614-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1083845,1083846
CVE References: CVE-2018-0490,CVE-2018-0491
Sources used:
openSUSE Leap 42.3 (src): tor-0.3.2.10-15.1

openSUSE-SU-2018:0620-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1083845,1083846
CVE References: CVE-2018-0490,CVE-2018-0491
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src): tor-0.3.2.10-14.1