CVE-2012-3517

Related Files

Mandriva Linux Security Advisory 2013-132

Posted Apr 11, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-132 - Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. Various other vulnerabilities have been addressed.

tags | advisory, remote, vulnerability

systems | linux, mandriva

advisories | CVE-2011-2768, CVE-2011-2769, CVE-2012-3517, CVE-2012-3518, CVE-2012-3519, CVE-2012-4419, CVE-2012-5573

SHA-256 | 5ee102c8464d210c11eb70256fe5f9fdeb5edd501b3b5eb68b0590a9bb1f0ee1

Download | Favorite | View

Gentoo Linux Security Advisory 201301-03

Posted Jan 9, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201301-3 - Multiple vulnerabilities have been found in Tor, allowing attackers to cause Denial of Service or obtain sensitive information. Versions less than 0.2.3.25 are affected.

tags | advisory, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2012-3517, CVE-2012-3518, CVE-2012-3519, CVE-2012-4419, CVE-2012-4922, CVE-2012-5573

SHA-256 | 1ce5e4fcdcb2acbdce162b2be890b3cc7a74c271c3e1885443f9c9b318d98138

Download | Favorite | View