[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 754-1] tor security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : tor
Version        : 0.2.4.27-3
CVE ID         : CVE-2016-1254
Debian Bug     : #848847

It was discovered that Tor, a connection-based low-latency anonymous
communication system, may read one byte past a buffer when parsing
hidden service descriptors. This issue may enable a hostile hidden
service to crash Tor clients depending on hardening options and malloc
implementation.

For Debian 7 "Wheezy", these problems have been fixed in version
0.2.4.27-3.

We recommend that you upgrade your tor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAlhZIhkACgkQhgLIIDhy
Mx8nigf/RMa4HyLW+OsGRvwaIssLMRLinE5rKFn33zep73l2utLxWPSJssaCbUtM
zsdL10t/XL2ztKFPiNrr1U40SpQxPDKoW2P8oDmjZo46ngyoUqvP6xpoTIX3wUuk
y+ubK2CeFCBDjTHKfZThExnFpBwIwy5fD5GbbIYV6yzEIj77SehWO1VH+wRciANh
HlKE6HgCpvjO9XRhhvYYEUBcze3ZnkgJJ+RWlGBmexVqP+a4TjkJO2TiR0NTZ1Xt
uMMif94vghPWkeg04KgXVejj9T447rhncgTQQmXFvLzILTmRAJh+DNRC25VvMnEV
3dihCWAFRbtCzbQWKT7AeQOY970M+A==
=msQV
-----END PGP SIGNATURE-----
Reply to: