[Secure-testing-team] Bug#537148: CVE-2009-2425, CVE-2009-2426
Giuseppe Iuculano
giuseppe at iuculano.it
Wed Jul 15 13:59:51 UTC 2009
Package: tor
Version: 0.2.0.34-1
Severity: important
Tags: security lenny
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for tor.
CVE-2009-2425[0]:
| Tor before 0.2.0.35 allows remote attackers to cause a denial of
| service (application crash) via a malformed router descriptor.
CVE-2009-2426[1]:
| The connection_edge_process_relay_cell_not_open function in
| src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before
| 0.1.2.8-beta allows exit relays to have an unspecified impact by
| causing controllers to accept DNS responses that redirect to an
| internal IP address via unknown vectors. NOTE: some of these details
| are obtained from third party information.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2425
http://security-tracker.debian.net/tracker/CVE-2009-2425
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2426
http://security-tracker.debian.net/tracker/CVE-2009-2426
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpd4NQACgkQNxpp46476aokHQCfa17Dn/yePS/XahDjjS20tyN0
c+UAnj9TevSMj4sxPnduFcIfBoe7RkMk
=0dGL
-----END PGP SIGNATURE-----