Bug 20607

Summary: Tor DNS Spoofing and Denial of Service Vulnerabilities: CVE-2009-2425, CVE-2009-2426
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: torAssignee: Anton Farygin <rider>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P3 CC: rider
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://archives.seul.org/or/announce/Jun-2009/msg00000.html

Description Vladimir Lettiev 2009-06-26 21:28:58 MSD
Changes in version 0.2.0.35 - 2009-06-24
  o Security fix:
    - Avoid crashing in the presence of certain malformed descriptors.
      Found by lark, and by automated fuzzing.
    - Fix an edge case where a malicious exit relay could convince a
      controller that the client's DNS question resolves to an internal IP
      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
...
Comment 1 Sviatoslav Sviridov 2009-06-30 16:01:43 MSD
Version in Sisyphus is updated to 0.2.0.35-alt2