[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Is my relay affected by cve-2016-8860?

To: Tor Relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-relays] Is my relay affected by cve-2016-8860?
From: nusenu <nusenu@xxxxxxxxxxxxxxx>
Date: Tue, 15 Nov 2016 21:17:00 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 15 Nov 2016 16:18:20 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1479244683; bh=y4e2xcc2Tl59HxXKT4cqc+nDonBEADb5qcSM1S3vYGQ=; h=To:From:Subject:Date:From; b=L8QgeQbdEqI2fEDpAr/jouH0BTXKRX/qR6GEyhfQvTEeRjOwtOZls8sYbVJm59kF1 Bh7Ds0eXZcH/iSYuaHdaLnHd5ziZmgoG3J6xxOckW7b+D6g2/ABJ1ExBkxoOt76+kx DZ3hhy+W9DY9NZJnrlg3TFOAqNad0C3mdzKLLlIk=
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1479244679; bh=y4e2xcc2Tl59HxXKT4cqc+nDonBEADb5qcSM1S3vYGQ=; h=To:From:Subject:Date:From; b=PM3wZNoIT4bBFL+LhzpbBY9W643JYyAOoeQ1Lsb0K61ehr6KWO69iILA1VFf0n3wJ VP/o1v2Saa/7M8+3h3cymFaaB3LXRFIXHcgMXb5Ky/3g6nBUv4VTCdJVe7bjvI9+n0 OBqM3a1VSyfh8fMEQZc4cG0vIsoJIaN99gN4OxEo=
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

https://blog.torproject.org/blog/tor-0289-released-important-fixes


If you are unsure whether you are running a vulnerable tor relay, you
can search your contact string on the following page (sorted by cw
fraction):


https://github.com/ornetstats/stats/blob/master/o/cve-2016-8860.txt
(generated daily)


If you are on that page you are likely running a vulnerable version
(unless someone else is using your contactinfo as well)


Unfortunately the opposite does not hold true - meaning you are not 100%
safe if you are not listed
(I tried to keep the false positives low for the price of a higher
false-negative rate).

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Is my relay affected by cve-2016-8860?
  - From: pa011

Prev by Author: Re: [tor-relays] [OrNetRadar] AS: "Choopa, LLC" - Linux (20), "GMO Internet, Inc" (10)
Next by Author: Re: [tor-relays] network scan results for CVE-2016-5696 / rfc 5961
Previous by thread: Re: [tor-relays] DoS from my tor guard VPS
Next by thread: Re: [tor-relays] Is my relay affected by cve-2016-8860?
Index(es):
- Author
- Thread