[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Recommendation: Upgrade your OpenSSL!

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Recommendation: Upgrade your OpenSSL!
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu, 11 Jun 2015 14:30:35 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 11 Jun 2015 14:30:50 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=id2tR3kmCcyzowQYp/Ap9bhRoCXXvXqnLAADYFWgAok=; b=a2RtpVs6uameWfwtDThVxUFbTMsIBa1EymR/j7o0BHzDY5fjG4htxeEyG7rlRo9KC5 D0te6q7eWkttAhXwEUEjDzWhWyW6daUh4bjKbCErlmhJ9GNKLRY33Nz9y3KRk4r7Z0KZ 6Pmdq0AyeeygXiT5KN88NdKm3TwSMh8NKnu8bRtSw7JzaDueJItqzJAJRlFHrkqfCptW 5HQRVQNldPO0Mpqaf7HO5wunfIhwGnUbaXzWYENYdhgZHsiSAsjvXQXLLrYJd96kaPU1 Nzx0uWKPrXJTgDzWQ3FhTqqqd2qOUhg9+5yspKn4+3/11VoTPM6ohq6mWp7KquunBd+S 9YRw==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi, relay operators!

There have been a series of new openssl releases today: 0.9.8zg,
1.0.0s, 1.0.1n, and 1.0.2b.

They fix a set of security issues described in this announcement:
    https://www.openssl.org/news/secadv_20150611.txt

Since some of these issues could allow a remote denial-of-service
attack, I would suggest that everybody should upgrade as OpenSSL
packages become available for your operating systems.   If you build
OpenSSL from source, now's a good time to rebuild.  You probably don't
need to run in circles freaking out, or anything -- just upgrade when
you can.

Also, if you can possibly avoid it, it would be a good idea to stop
using the OpenSSL 0.9.8 series entirely.  It's old and crufty and is
missing many security improvements in later versions.  OpenSSL 0.9.8
will not be supported in Tor 0.2.7.2-alpha or later.

best wishes, and many thanks!
--
Nick Mathewson
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] More consensus weight problems
Next by Author: [tor-relays] Questions about GUI monitor
Previous by thread: Re: [tor-relays] BWAUTH weightings too volatile. . ."twitchy"
Next by thread: Re: [tor-relays] Recommendation: Upgrade your OpenSSL! (Nick Mathewson)
Index(es):
- Author
- Thread