Debian: DSA-3694-1: tor security update
Debian: DSA-3694-1: tor security update
It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3694-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tor CVE ID : not yet available It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority. For the stable distribution (jessie), this problem has been fixed in version 0.2.5.12-3. For the unstable distribution (sid), this problem has been fixed in version 0.2.8.9-1. For the experimental distribution, this problem has been fixed in version 0.2.9.4-alpha-1. We recommend that you upgrade your tor packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.