Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecurityNotifies] [VUA 74-1] Updated tor version

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecurityNotifies] [VUA 74-1] Updated tor version


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Philipp Kern <pkern AT debian.org>
  • To: debian-volatile-announce AT lists.debian.org
  • Subject: [IT-SecurityNotifies] [VUA 74-1] Updated tor version
  • Date: Mon, 22 Nov 2010 21:06:27 +0100
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <pkern AT thrall.0x539.de>
  • Resent-date: Mon, 22 Nov 2010 20:15:40 +0000 (UTC)
  • Resent-from: debian-volatile-announce AT lists.debian.org
  • Resent-message-id: <B4Zt86V0IRF.A.TYH.s9s6MB@liszt>
  • Resent-sender: debian-volatile-announce-request AT lists.debian.org
---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 74-1 http://volatile.debian.org
debian-volatile AT lists.debian.org Peter Palfrader
November 22nd, 2010
---------------------------------------------------------------------------

Package : tor
Version : 0.2.1.26-1~lennyvolatile2 (Lenny)
Importance : medium

The recent openssl security update in stable (DSA-2125-1), which fixes a
TLS extension parsing race condition, unfortunately also causes a
particular behaviour change in the libssl library. This change results
in all Tor relays (including bridge relays) running Tor versions 0.2.1.x
or 0.2.2.x to silently cease to work.

The previous version released through lenny-volatile
(0.2.1.26-1~lennyvolatile1) is affected by this problem.

This Debian Volatile update incorporates a patch from the upcoming Tor
0.2.1.27 release which resolves the incompatibility, thus restoring
relay functionality.


We recommend that all Tor relays or bridge relays running Tor 0.2.1.26
on Debian lenny (Debian 5.0, stable) update their Tor package to version
0.2.1.26-1~lennyvolatile2 (now in volatile), or any other similarly
fixed package.


Tor 0.2.0.35 - the version currently in stable - is not affected by this
particular problem, however a different upcoming openssl change will
also break tor 0.2.0.x relays. Therefore an update to the version in
stable is planned for the near future.


Upgrade Instructions
--------------------

You can get the updated packages at

http://volatile.debian.org/debian-volatile/pool/volatile/main/t/tor

and install them with dpkg, or add the volatile archive for Lenny
to your /etc/apt/sources.list:

deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

You can also use any of our mirrors. See
`http://www.debian.org/volatile/volatile-mirrors' for the full list of
mirrors. The archive signing keys were included in Debian Lenny.

For further information about debian-volatile, please refer to
`http://www.debian.org/volatile/'.

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team at `debian-volatile AT lists.debian.org'.

Attachment: signature.asc
Description: Digital signature


  • [IT-SecurityNotifies] [VUA 74-1] Updated tor version, Philipp Kern, 22.11.2010

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang