rpm package
opensuse/tor&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweed
Vulnerabilities (53)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-4419 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Sep 14, 2012 | The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy c | ||
| CVE-2012-3519 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Aug 26, 2012 | routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | ||
| CVE-2012-3518 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Aug 26, 2012 | The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) conse | ||
| CVE-2012-3517 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Aug 26, 2012 | Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. | ||
| CVE-2011-4576 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Jan 6, 2012 | The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | ||
| CVE-2011-4897 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Dec 23, 2011 | Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | ||
| CVE-2011-4896 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Dec 23, 2011 | Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridg | ||
| CVE-2011-4895 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Dec 23, 2011 | Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | ||
| CVE-2011-4894 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Dec 23, 2011 | Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | ||
| CVE-2011-2778 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Dec 23, 2011 | Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration. | ||
| CVE-2011-2769 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Dec 23, 2011 | Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | ||
| CVE-2011-2768 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Dec 23, 2011 | Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or | ||
| CVE-2011-0427 | — | < 0.2.8.11-1.1 | 0.2.8.11-1.1 | Jan 19, 2011 | Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. |
- CVE-2012-4419Sep 14, 2012affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy c
- CVE-2012-3519Aug 26, 2012affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack.
- CVE-2012-3518Aug 26, 2012affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) conse
- CVE-2012-3517Aug 26, 2012affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.
- CVE-2011-4576Jan 6, 2012affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
- CVE-2011-4897Dec 23, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.
- CVE-2011-4896Dec 23, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridg
- CVE-2011-4895Dec 23, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.
- CVE-2011-4894Dec 23, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections.
- CVE-2011-2778Dec 23, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.
- CVE-2011-2769Dec 23, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values.
- CVE-2011-2768Dec 23, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or
- CVE-2011-0427Jan 19, 2011affected < 0.2.8.11-1.1fixed 0.2.8.11-1.1
Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Page 3 of 3