Candidate: CVE-2017-0377
PublicDate: 2017-07-02 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0377
 https://trac.torproject.org/projects/tor/ticket/22753
 https://blog.torproject.org/blog/tor-0309-released-security-update-clients
 https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
 https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
 https://security-tracker.debian.org/CVE-2017-0377
Description:
 Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only
 considers the exit relay (not the exit relay's family), which might allow
 remote attackers to defeat intended anonymity properties by leveraging the
 existence of large families.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_tor:
upstream_tor: needs-triage
precise/esm_tor: DNE
trusty_tor: not-affected (code not present)
trusty/esm_tor: not-affected (code not present)
vivid/ubuntu-core_tor: DNE
xenial_tor: not-affected (code not present)
yakkety_tor: ignored (reached end-of-life)
zesty_tor: ignored (reached end-of-life)
artful_tor: ignored (reached end-of-life)
bionic_tor: not-affected (0.3.0.9-1)
cosmic_tor: not-affected (0.3.0.9-1)
devel_tor: not-affected (0.3.0.9-1)