Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Fedora: 2016-0429f34acd Critical: torbrowser-launcher Signature Bypass

fedora
Calendar Grey March 25, 2016
Scroller Fedora Esm H88
Fedora Software Notification: Update for torbrowser-launcher to resolve a security flaw that bypasses signature checks impacting system integrity.
Fix signature verification bypass attack, reported by Jann Horn

Summary

Tor Browser Launcher is intended to make Tor Browser easier to

install and use for GNU/Linux users. You install torbrowser-launcher

from your distribution's package manager and it handles everything else:

* Downloads and installs the most recent version of Tor Browser in your language

and for your computer's architecture, or launches Tor Browser if it's already

installed (Tor Browser will automatically update itself)

* Verifies Tor Browser's signature for you, to ensure the version you downloaded

was cryptographically signed by Tor developers and was not tampered with

* Adds "Tor Browser" and "Tor Browser Launcher Settings" application launcher

to your desktop environment's menu

* Optionally plays a modem sound when you open Tor Browser

(because Tor is so slow)

Update Information:

Fix signature verification bypass attack, reported by Jann Horn

Change Log

References


[ 1 ] Bug #1317324 - torbrowser-launcher-v0.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1317324

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update torbrowser-launcher' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: torbrowser-launcher
Product: Fedora 22
Version: 0.2.4
Release: 1.fc22
Summary: Tor Browser Bundle managing tool

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.