[SECURITY] [DLA 754-1] tor security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : tor
Version : 0.2.4.27-3
CVE ID : CVE-2016-1254
Debian Bug : #848847
It was discovered that Tor, a connection-based low-latency anonymous
communication system, may read one byte past a buffer when parsing
hidden service descriptors. This issue may enable a hostile hidden
service to crash Tor clients depending on hardening options and malloc
implementation.
For Debian 7 "Wheezy", these problems have been fixed in version
0.2.4.27-3.
We recommend that you upgrade your tor packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAlhZIhkACgkQhgLIIDhy
Mx8nigf/RMa4HyLW+OsGRvwaIssLMRLinE5rKFn33zep73l2utLxWPSJssaCbUtM
zsdL10t/XL2ztKFPiNrr1U40SpQxPDKoW2P8oDmjZo46ngyoUqvP6xpoTIX3wUuk
y+ubK2CeFCBDjTHKfZThExnFpBwIwy5fD5GbbIYV6yzEIj77SehWO1VH+wRciANh
HlKE6HgCpvjO9XRhhvYYEUBcze3ZnkgJJ+RWlGBmexVqP+a4TjkJO2TiR0NTZ1Xt
uMMif94vghPWkeg04KgXVejj9T447rhncgTQQmXFvLzILTmRAJh+DNRC25VvMnEV
3dihCWAFRbtCzbQWKT7AeQOY970M+A==
=msQV
-----END PGP SIGNATURE-----
Reply to: