[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
From: Markus Koch <niftybunny@xxxxxxxxxxxxxx>
Date: Wed, 26 Oct 2016 09:30:43 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 26 Oct 2016 03:30:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=5hptnOoOIln/SJbf9Z3ygoQKvpwxpFExdXkSsquDnPM=; b=zPhG4RRHt3LlI93ihstXzNulOY3QGdY4jURUcmzIHOa5bqe5pZ0OjYRMp5pSfD3DyU y9Zz2wV32U+EwA2Lqkz0gRKTmubxYheHU7BzeG94SRt99My8GxTKqeASIbBZ9rEZSeR7 uRAydWzUNxeLUElmaDNHBdEfx7tNIVVW3bHFri4jA8Pvd3ps2h2H6lRF1vM742IaLHAk eIl/oBqYE2DtWRCm+OUdZf4dn4hYX/PhO/4gL+zPeWFt/uRzjZpK7Ka0gCYUcNkGL9fv tYbuBNqDMMbvPKx5jgsxlKTUStDkzYCEq8ZKw/NQMoGSSpoAvrklqD0lFFm4XHL4usnt 7Ofg==
In-reply-to: <39B5667E-FC19-4286-91A3-4C395031A7F7@quintex.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <f4620b8b-585b-20fa-8295-1a87751d7bad@openmailbox.org> <CALsPhAE4-SYC752Op+P0igrwEKc2d3yuZ9-VYOSr84NOU-onwg@mail.gmail.com> <39B5667E-FC19-4286-91A3-4C395031A7F7@quintex.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

I did it like a real man, just me hands and putty without any bash scripts and these modern devil tools!

markus


Sent from my iPad

> On 26 Oct 2016, at 09:18, John Ricketts <john@xxxxxxxxxxx> wrote:
> 
> I feel you Markus, I did 24.  I wrote a bash script to update/upgrade/reboot. 
> 
>> On Oct 26, 2016, at 02:17, Markus Koch <niftybunny@xxxxxxxxxxxxxx> wrote:
>> 
>> 32 relays updated (Debian + Tor compiled to latest version)
>> 
>> I am getting too old for this without a server management system ....
>> 
>> Markus
>> 
>> 
>> 
>> 
>> 2016-10-25 23:48 GMT+02:00 nusenu <nusenu@xxxxxxxxxxxxxxx>:
>>> just a reminder since most of the tor network (including some of the
>>> biggest operators) still runs vulnerable relays
>>> 
>>> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>>> 
>>> 
>>> Since 2/3 directory authorities removed most vulnerable versions from
>>> their 'recommended versions' you should see a log entry if you run
>>> outdated versions (except if you run 0.2.5.12).
>>> 
>>> 
>>> It is not possible to reliable determine the exact CW fraction
>>> affected[1] due to the fact that patches were released that didn't
>>> increase tor's version number.
>>> Therefore it is also possible that you get log entries even if you run a
>>> patched version (IMHO this hasn't been handled in the most professional
>>> way).
>>> 
>>> 
>>> Update instructions
>>> 
>>> Debian/Ubuntu
>>> ==============
>>> 
>>> make sure you use the Torproject repository:
>>> https://www.torproject.org/docs/debian.html.en
>>> 
>>> (you can also use the debian repository but the Torproject's repo will
>>> provide you with the latest releases)
>>> 
>>> 
>>> aptitude update && aptitude install tor
>>> 
>>> 
>>> CentOS/RHEL/Fedora
>>> ===================
>>> 
>>> yum install --enablerepo=epel-testing tor
>>> 
>>> 
>>> FreeBSD
>>> ============
>>> 
>>> pkg update
>>> pkg upgrade
>>> 
>>> OpenBSD
>>> ===========
>>> 
>>> pkg_add -u tor
>>> 
>>> 
>>> Windows
>>> ========
>>> 
>>> No updated binaries available for this platform yet.
>>> 
>>> 
>>> 
>>> 
>>> [1] as of 2016-10-25 18:00 (onionoo data)
>>> conservative estimate
>>> ----------------------
>>> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
>>> 31% CW fraction patched
>>> 
>>> optimistic estimate
>>> -------------------
>>> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
>>> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
>>> 43% CW fraction patched
>>> 
>>> 
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: John Ricketts
- Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: Petrusko

References:
- [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: nusenu
- Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: Markus Koch
- Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: John Ricketts

Prev by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by Author: Re: [tor-relays] Digital Ocean - running Exit node locked
Previous by thread: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Next by thread: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Index(es):
- Author
- Thread