[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
From: "Louie Cardone-Noott" <lcn@xxxxxxxxxxxx>
Date: Wed, 26 Oct 2016 17:24:24 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 26 Oct 2016 12:24:45 -0400
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.net; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=UK8KsQhMjPtQpIW u6KRz7rk0BQ0=; b=duQviZ3vrEDqfQ1YmwMeElGJ7IPVcrCq824oaiy8JocBCL0 25k4jkX2S5OhDbzutvm073EmBeWbUF9RRUUm3ZWNpFBcAP5k1kK0ZTjVdnhbum2Q r6fhsAt8LSw6AzDg9Wrrp12TJ0rZyD796bKnem5aBf2UyWAMFXR/Cpn72NjY=
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= smtpout; bh=UK8KsQhMjPtQpIWu6KRz7rk0BQ0=; b=r5w72WMwayPOtYZtKE7i dVoRiBp3pNkbcYd30CR8crPTQHAxXpaFi/k70xGw6aUWei7hWNqJFWvSVzSPlRev RQPFRr2PklyXz8vKbx47I16Z5MBlRYEdoE4SkSEkAf5D0xoUmVVFjH1YcLAtKwDl kv44qAEg0as37m0Ihvxc+Us=
In-reply-to: <CAKCAbMgkJ_t-2TSKmPLHp_yi0PGNtgL-Q4AJ3D87M79-bUkfpQ@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <3dad696b695be4f957105fc3468408d8.squirrel@clutterbuck.uk> <20161026095406.GZ892@sarek.noreply.org> <CAKCAbMgkJ_t-2TSKmPLHp_yi0PGNtgL-Q4AJ3D87M79-bUkfpQ@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, 26 Oct 2016, at 02:04 PM, Zack Weinberg wrote:
> If you're using Debian jessie, you can get an 0.2.8.9 package from
> either backports or the torproject.org repository.  I went with
> backports because that let me also pick up a much newer openssl.
> 
> zw

Zack,

Interesting, I too recently upgraded to the backports version of tor but
didn't think to do openssl too. The current versions as far as I can
tell are:

jessie, 1.0.1t-1+deb8u5 (https://packages.debian.org/jessie/openssl)
jessie-backports, 1.0.2j-1~bpo8+1
(https://packages.debian.org/jessie-backports/openssl)

Is there such a big difference between these?

Louie
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: Alan
- Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: Peter Palfrader
- Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: Zack Weinberg

Prev by Author: Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
Next by Author: Re: [tor-relays] Recommendation for DUMB COMPUTING devices for Tor Relays
Previous by thread: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Next by thread: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Index(es):
- Author
- Thread