MGASA-2020-0118 - Updated glib2.0 packages fix security vulnerability

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0118.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-6750

The updated packages fix a security vulnerability:

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. (CVE-2020-6750)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26230
- https://lists.fedoraproject.org/archives/list/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-8b33bd7abf
2018-03-12 19:02:51.236775
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 27
Version     : 0.3.1.10
Release     : 1.fc27
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP
Description :
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.

This package contains the Tor software that can act as either a server on the Tor network, or as a client to connect to the Tor network.

--------------------------------------------------------------------------------
Update Information:

Update to latest version. Security-Fixes TROVE-2018-001, TROVE-2018-002,
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1532909 - tor-0.3.2.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1532909
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade tor' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5732
2015-04-08 03:26:07
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 20
Version     : 0.2.5.12
Release     : 1.fc20
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP (The onion router)
Description :
Tor is a connection-based low-latency anonymous communication system.

Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay.

Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity.

--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.2.5.12.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 7 2015 Jamie Nguyen - 0.2.5.12-1
- update to upstream release 0.2.5.12
* Mon Mar 23 2015 Jamie Nguyen - 0.2.5.11-1
- update to upstream release 0.2.5.11
* Mon Oct 27 2014 Jamie Nguyen - 0.2.5.10-1
- update to upstream release 0.2.5.10
* Wed Oct 22 2014 Jamie Nguyen - 0.2.4.25-1
- update to upstream release 0.2.4.25
* Tue Sep 23 2014 Jamie Nguyen - 0.2.4.24-1
- update to upstream release 0.2.4.24
* Mon Aug 18 2014 Fedora Release Engineering - 0.2.4.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 31 2014 Jamie Nguyen - 0.2.4.23-1
- update to upstream release 0.2.4.23
- CVE-2014-5117: potential for traffic-confirmation attacks
* Sun Jun 8 2014 Fedora Release Engineering - 0.2.4.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 19 2014 Jamie Nguyen - 0.2.4.22-1
- update to upstream release 0.2.4.22
* Wed Mar 26 2014 Jamie Nguyen - 0.2.4.21-2
- remove `--quiet` from default systemd service file
* Tue Mar 25 2014 Jamie Nguyen - 0.2.4.21-1
- update to upstream release 0.2.4.21
- remove crazy Release numbering
- remove Obsoletes/Provides that were introduced in F19
- remove tor-tsocks.conf which has been removed completely upstream
- include new file: _datadir/tor/geoip6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209804 - CVE-2015-2928 CVE-2015-2929 tor: multiple issues fixed in the new upstream releases
        https://bugzilla.redhat.com/show_bug.cgi?id=1209804
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update tor' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5729
2015-04-08 03:25:59
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 21
Version     : 0.2.5.12
Release     : 1.fc21
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP (The onion router)
Description :
Tor is a connection-based low-latency anonymous communication system.

Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay.

Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity.

--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.2.5.12.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 7 2015 Jamie Nguyen - 0.2.5.12-1
- update to upstream release 0.2.5.12
* Mon Mar 23 2015 Jamie Nguyen - 0.2.5.11-1
- update to upstream release 0.2.5.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209804 - CVE-2015-2928 CVE-2015-2929 tor: multiple issues fixed in the new upstream releases
        https://bugzilla.redhat.com/show_bug.cgi?id=1209804
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update tor' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-4478
2015-03-26 16:35:23
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 20
Version     : 0.2.5.11
Release     : 1.fc20
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP (The onion router)
Description :
Tor is a connection-based low-latency anonymous communication system.

Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay.

Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity.

--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.2.5.11.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 23 2015 Jamie Nguyen - 0.2.5.11-1
- update to upstream release 0.2.5.11
* Mon Oct 27 2014 Jamie Nguyen - 0.2.5.10-1
- update to upstream release 0.2.5.10
* Wed Oct 22 2014 Jamie Nguyen - 0.2.4.25-1
- update to upstream release 0.2.4.25
* Tue Sep 23 2014 Jamie Nguyen - 0.2.4.24-1
- update to upstream release 0.2.4.24
* Mon Aug 18 2014 Fedora Release Engineering - 0.2.4.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 31 2014 Jamie Nguyen - 0.2.4.23-1
- update to upstream release 0.2.4.23
- CVE-2014-5117: potential for traffic-confirmation attacks
* Sun Jun 8 2014 Fedora Release Engineering - 0.2.4.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 19 2014 Jamie Nguyen - 0.2.4.22-1
- update to upstream release 0.2.4.22
* Wed Mar 26 2014 Jamie Nguyen - 0.2.4.21-2
- remove `--quiet` from default systemd service file
* Tue Mar 25 2014 Jamie Nguyen - 0.2.4.21-1
- update to upstream release 0.2.4.21
- remove crazy Release numbering
- remove Obsoletes/Provides that were introduced in F19
- remove tor-tsocks.conf which has been removed completely upstream
- include new file: _datadir/tor/geoip6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204773 - CVE-2015-2688 CVE-2015-2689 tor: security fixes in 0.2.4.26 and 0.2.5.11
        https://bugzilla.redhat.com/show_bug.cgi?id=1204773
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update tor' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-4725
2015-03-26 16:50:44
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 21
Version     : 0.2.5.11
Release     : 1.fc21
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP (The onion router)
Description :
Tor is a connection-based low-latency anonymous communication system.

Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay.

Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity.

--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.2.5.11.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 23 2015 Jamie Nguyen - 0.2.5.11-1
- update to upstream release 0.2.5.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204773 - CVE-2015-2688 CVE-2015-2689 tor: security fixes in 0.2.4.26 and 0.2.5.11
        https://bugzilla.redhat.com/show_bug.cgi?id=1204773
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update tor' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Tor: Information disclosure
      Date: August 25, 2005
      Bugs: #102245
        ID: 200508-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A flaw in Tor leads to the disclosure of information and the loss of anonymity, integrity and confidentiality.

Background
==========

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-misc/tor     < 0.1.0.14                          >= 0.1.0.14

Description
===========

The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes.

Impact
======

By setting up a malicious Tor server and enticing users to use this server as first hop, a remote attacker could read and modify all traffic of the user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tor-0.1.0.14"

References
==========

  [ 1 ] CAN-2005-2643
  [ 2 ] Tor Security Announcement

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200508-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to