Debian Security Advisory

DSA-4871-1 tor -- security update

Date Reported:
16 Mar 2021
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2021-28089, CVE-2021-28090.
More information:

Two vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could lead to excessive CPU usage or cause a directory authority to crash.

For the stable distribution (buster), these problems have been fixed in version

We recommend that you upgrade your tor packages.

For the detailed security status of tor please refer to its security tracker page at: