blob: 4d105d99aa771d1307ebefb2d83b63398e5c9c02 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200506-18">
<title>Tor: Information disclosure</title>
A flaw in Tor may allow the disclosure of arbitrary memory portions.
<product type="ebuild">tor</product>
<announced>June 21, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="net-misc/tor" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
Tor is an implementation of second generation Onion Routing, a
connection-oriented anonymizing communication service.
A bug in Tor allows attackers to view arbitrary memory contents from an
exit server's process space.
<impact type="low">
A remote attacker could exploit the memory disclosure to gain sensitive
information and possibly even private keys.
There is no known workaround at this time.
All Tor users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-misc/tor-;</code>
<uri link="">Tor Security Announcement</uri>
<uri link="">CVE-2005-2050</uri>
<metadata tag="requester" timestamp="Mon, 20 Jun 2005 07:51:28 +0000">
<metadata tag="submitter" timestamp="Mon, 20 Jun 2005 13:31:02 +0000">
<metadata tag="bugReady" timestamp="Tue, 21 Jun 2005 08:50:44 +0000">