On Thu, 2010-12-09 at 19:02 +0100, ml@xxxxxxxxxxx wrote: > Hi, > > i have/had problems with Tor 0.2.2.19-alpha and 0.2.1.27 (recompiled) after > the last openssl update under Ubuntu Maverick according "Ubuntu Security > Notice USN-1029-1, December 08, 2010, openssl vulnerabilities, CVE-2008-7270, > CVE-2010-4180". > > Both Tor versions crash with core dumps and the last line in info.log is: > "[info] cpuworker_main(): CPU worker exiting because Tor process closed > connection (either rotated keys or died)." I'm running "Tor version 0.2.1.27 (r5e842d29f970dcaa).", and have this version of OpenSSL installed on Ubuntu: "0.9.8o-1ubuntu4.3". The changelog mentions the CVE you refer to: > openssl (0.9.8o-1ubuntu4.3) maverick-security; urgency=low > > * SECURITY UPDATE: ciphersuite downgrade vulnerability > - openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch: > disable workaround for Netscape cipher suite bug in ssl/s3_clnt.c > and ssl/s3_srvr.c > - CVE-2010-4180 > > -- Steve Beattie <sbeattie@xxxxxxxxxx> Thu, 02 Dec 2010 16:24:31 -0800 However, I haven't experienced any problems with Tor. As far as I am aware, nothing is unique about my setup -- just the default Tor install with the default Ubuntu Maverick amd64 install. Are we running the same versions of everything? Maybe the problem is somewhere else (like your chroot setup)?
Attachment:
signature.asc
Description: This is a digitally signed message part