Debian Security Advisory
DLA-17-1 tor -- LTS security update
- Date Reported:
- 31 Jul 2014
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
The Tor version previously in Debian squeeze, 0.2.2.39, is no longer supported by upstream.
This update brings the currently stable version of Tor, 0.2.4.23, to Debian squeeze.
Changes include use of stronger cryptographic primitives, always clearing bignums before freeing them to avoid leaving key material in memory, mitigating several linkability vectors such as by disabling client-side DNS caches, blacklisting authority signing keys potentially compromised due to heartbleed, updating the list of directory authorities, and much more.
We recommend that you upgrade your tor packages.
For Debian 6
Squeeze, these issues have been fixed in tor version 0.2.4.23-1~deb6u1