[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] If you build your own OpenSSL, and you're on 1.0.1, please upgrade to 1.0.1c



Hi, all!

If you are using any version of openssl 1.0.1, 1.0.1a, or 1.0.1b, you
should know that it's affected by a recent security advisory:

https://www.openssl.org/news/secadv_20120510.txt

If I am reading the diffs for this bug right, it looks like it would
attacker to crash a server remotely.  To avoid that, I'd recommend
that all Tor nodes running any version of OpenSSL 1.0.1 should upgrade
to 1.0.1c.

Non-1.0.1 version of OpenSSL have this bug in their DTLS
implementations, but Tor doesn't use DTLS.

We'll try to get new packages out soon.

yrs,
-- 
Nick
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk