[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] Security advisory: Please upgrade to today's OpenSSL.
Hi, all!
There is a new version of OpenSSL out today, with a security advisory
that affects Tor. The vulnerability is CVE-2021-3449, as described on
https://www.openssl.org/news/secadv/20210325.txt . It affects OpenSSL
versions 1.1.1 through 1.1.1j. OpenSSL 1.1.1k is the first version
with a fix.
I haven't tested this bug, but I believe that it would allow an
adversary to remotely crash Tor relays and authorities. It won't have
any effect on Tor clients.
I suggest that everybody should upgrade to the latest OpenSSL when it
becomes available on their platform.
best wishes,
--
Nick
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays