
Debian: DSA-2331-1 Moderate: Tor Design Issue - Remote Threat

October 28, 2011
This notice covers a design flaw in Tor that lets a malicious relay a user connects to directly learn which other relays that user is connected to directly.

Summary

It has been discovered by "frosty_un" that a design flaw in Tor, an online
privacy tool, allows malicious relay servers to learn certain information
that they should not be able to learn. Specifically, a relay that a user
connects to directly could learn which other relays that user is
connected to directly. In combination with other attacks, this issue
can lead to deanonymizing the user. The Common Vulnerabilities and
Exposures project has assigned CVE-2011-2768 to this issue.

In addition to fixing the above-mentioned issues, the updates to oldstable
and stable fix a number of less critical issues (CVE-2011-2769). Please
see this posting from the Tor blog for more information:
https://blog.torproject.org/tor-02234-released-security-patches/

For the oldstable distribution (lenny), this problem has been fixed in
version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian
archive scripts, the update cannot be released synchronously with the
packages for stable. It will be released s...


Package: tor
CVE ID: CVE-2011-2768, CVE-2011-2769
