Debian Security Advisory

DLA-754-1 tor -- LTS security update

Date Reported:
20 Dec 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2016-1254.
More information:

It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation.

For Debian 7 Wheezy, these problems have been fixed in version

We recommend that you upgrade your tor packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: