Headline
Debian Security Advisory 5320-1
Debian Linux Security Advisory 5320-1 - A logic error was discovered in the implementation of the “SafeSocks” option of Tor, a connection-based low-latency anonymous communication system, which resulted in unsafe SOCKS4 traffic being allowed to pass.
-------------------------------------------------------------------------
Debian Security Advisory DSA-5320-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
January 16, 2023                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tor
CVE ID         : CVE-2023-23589

A logic error was discovered in the implementation of the "SafeSocks"
option of Tor, a connection-based low-latency anonymous communication
system, which did result in allowing unsafe SOCKS4 traffic to pass.

For the stable distribution (bullseye), this problem has been fixed in
version 0.4.5.16-1.

We recommend that you upgrade your tor packages.

For the detailed security status of tor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Gentoo Linux Security Advisory 202305-11
Gentoo Linux Security Advisory 202305-11 - Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service. Versions less than 0.4.7.13 are affected.
CVE-2023-23589: socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a (a282145b) · Commits · The Tor Project / Core / Tor · GitLab
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
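The logic error described above, modelled as an added example (not Tor's source code and not part of the advisory): a classifier that tells a plain SOCKS4 request, which carries an IP address the client already resolved, from a SOCKS4a request, which carries a hostname, next to the inverted and the corrected SafeSocks decision. The function names, return codes and sample requests are assumptions constructed for illustration; the wire layout is the standard SOCKS4/SOCKS4a one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not Tor's source: all names here are hypothetical. */
enum socks4_kind { SOCKS4_INVALID = -1, SOCKS4_IP = 0, SOCKS4A_HOSTNAME = 1 };

/* Classify a SOCKS4-family request:
 *   VN=4 | CD | DSTPORT(2) | DSTIP(4) | USERID\0 [ HOSTNAME\0 ]
 * SOCKS4a signals "hostname follows" with DSTIP 0.0.0.x, x != 0. */
enum socks4_kind classify_socks4(const uint8_t *req, size_t len)
{
    if (len < 9 || req[0] != 4)
        return SOCKS4_INVALID;
    const uint8_t *userid_end = memchr(req + 8, 0, len - 8);
    if (!userid_end)
        return SOCKS4_INVALID;           /* unterminated USERID */
    const uint8_t *ip = req + 4;
    if (!(ip[0] == 0 && ip[1] == 0 && ip[2] == 0 && ip[3] != 0))
        return SOCKS4_IP;                /* client did its own DNS lookup */
    const uint8_t *host = userid_end + 1;
    size_t remaining = len - (size_t)(host - req);
    if (remaining == 0 || host[0] == 0 || !memchr(host, 0, remaining))
        return SOCKS4_INVALID;           /* missing or unterminated hostname */
    return SOCKS4A_HOSTNAME;             /* proxy resolves the name */
}

/* Decision as the advisory describes the flaw: with SafeSocks set,
 * the IP-only form passes and the hostname form is refused. */
int safesocks_allows_flawed(enum socks4_kind k, int safe_socks)
{
    return k != SOCKS4_INVALID && (!safe_socks || k == SOCKS4_IP);
}

/* Corrected decision: SafeSocks refuses SOCKS4 and accepts SOCKS4a. */
int safesocks_allows_fixed(enum socks4_kind k, int safe_socks)
{
    return k != SOCKS4_INVALID && (!safe_socks || k == SOCKS4A_HOSTNAME);
}

/* Constructed sample requests (CONNECT, port 80, empty USERID). */
const uint8_t REQ_SOCKS4[]  = {4, 1, 0, 80, 192, 0, 2, 1, 0};
const uint8_t REQ_SOCKS4A[] = {4, 1, 0, 80, 0, 0, 0, 1, 0,
                               'e','x','a','m','p','l','e','.','o','r','g', 0};
```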