> Date: Thu, 11 Jun 2015 14:30:35 -0400 > From: Nick Mathewson <nickm@xxxxxxxxxxxxxx> > > Hi, relay operators! > > There have been a series of new openssl releases today: 0.9.8zg, > 1.0.0s, 1.0.1n, and 1.0.2b. > > They fix a set of security issues described in this announcement: > https://www.openssl.org/news/secadv_20150611.txt > > Since some of these issues could allow a remote denial-of-service > attack, I would suggest that everybody should upgrade as OpenSSL > packages become available for your operating systems. If you build > OpenSSL from source, now's a good time to rebuild. You probably don't > need to run in circles freaking out, or anything -- just upgrade when > you can. > > Also, if you can possibly avoid it, it would be a good idea to stop > using the OpenSSL 0.9.8 series entirely. It's old and crufty and is > missing many security improvements in later versions. OpenSSL 0.9.8 > will not be supported in Tor 0.2.7.2-alpha or later. Please also note that OpenSSL versions 0.9.8 and 1.0.0 are becoming unsupported at the end of 2015: "As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade." See the second-last section in https://www.openssl.org/news/secadv_20150611.txt teor teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays