[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
I did it like a real man, just me hands and putty without any bash scripts and these modern devil tools!
markus
Sent from my iPad
> On 26 Oct 2016, at 09:18, John Ricketts <john@xxxxxxxxxxx> wrote:
>
> I feel you Markus, I did 24. I wrote a bash script to update/upgrade/reboot.
>
>> On Oct 26, 2016, at 02:17, Markus Koch <niftybunny@xxxxxxxxxxxxxx> wrote:
>>
>> 32 relays updated (Debian + Tor compiled to latest version)
>>
>> I am getting too old for this without a server management system ....
>>
>> Markus
>>
>>
>>
>>
>> 2016-10-25 23:48 GMT+02:00 nusenu <nusenu@xxxxxxxxxxxxxxx>:
>>> just a reminder since most of the tor network (including some of the
>>> biggest operators) still runs vulnerable relays
>>>
>>> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>>>
>>>
>>> Since 2/3 directory authorities removed most vulnerable versions from
>>> their 'recommended versions' you should see a log entry if you run
>>> outdated versions (except if you run 0.2.5.12).
>>>
>>>
>>> It is not possible to reliable determine the exact CW fraction
>>> affected[1] due to the fact that patches were released that didn't
>>> increase tor's version number.
>>> Therefore it is also possible that you get log entries even if you run a
>>> patched version (IMHO this hasn't been handled in the most professional
>>> way).
>>>
>>>
>>> Update instructions
>>>
>>> Debian/Ubuntu
>>> ==============
>>>
>>> make sure you use the Torproject repository:
>>> https://www.torproject.org/docs/debian.html.en
>>>
>>> (you can also use the debian repository but the Torproject's repo will
>>> provide you with the latest releases)
>>>
>>>
>>> aptitude update && aptitude install tor
>>>
>>>
>>> CentOS/RHEL/Fedora
>>> ===================
>>>
>>> yum install --enablerepo=epel-testing tor
>>>
>>>
>>> FreeBSD
>>> ============
>>>
>>> pkg update
>>> pkg upgrade
>>>
>>> OpenBSD
>>> ===========
>>>
>>> pkg_add -u tor
>>>
>>>
>>> Windows
>>> ========
>>>
>>> No updated binaries available for this platform yet.
>>>
>>>
>>>
>>>
>>> [1] as of 2016-10-25 18:00 (onionoo data)
>>> conservative estimate
>>> ----------------------
>>> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
>>> 31% CW fraction patched
>>>
>>> optimistic estimate
>>> -------------------
>>> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
>>> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
>>> 43% CW fraction patched
>>>
>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays