LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-1674 (tor)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: tor-0.1.2.16-1.fc7


Date:
    	      Sun, 19 Aug 2007 08:15:47 -0700


Message-ID:
    	      <200708191515.l7JFFlnm002752@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1674
2007-08-19 08:15:44.398478
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 7
Version     : 0.1.2.16
Release     : 1.fc7
Summary     : Anonymizing overlay network for TCP (The onion router)
Description :
Tor is a connection-based low-latency anonymous communication system.

Applications connect to the local Tor proxy using the SOCKS protocol. The
local proxy chooses a path through a set of relays, in which each relay
knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each relay, which reveals
the downstream relay.

Warnings: Tor does no protocol cleaning.  That means there is a danger
that application protocols and associated programs can be induced to
reveal information about the initiator. Tor depends on Privoxy and
similar protocol cleaners to solve this problem. This is alpha code,
and is even more likely than released code to have anonymity-spoiling
bugs. The present network is very small -- this further reduces the
strength of the anonymity provided. Tor is not presently suitable for
high-stakes anonymity.

--------------------------------------------------------------------------------
Update Information:

* Fri Aug 03 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.16-1
- updated to 0.1.2.16 (SECURITY)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug  3 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.16-1
- updated to 0.1.2.16 (SECURITY)
* Sat Jul 28 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.15-1
- updated to 0.1.2.15
* Sat May 26 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.14-1
- updated to 0.1.2.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #244502
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244502
  [ 2 ] Bug #249840
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249840
  [ 3 ] CVE-2007-3165
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 4 ] CVE-2007-4174
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
--------------------------------------------------------------------------------
Updated packages:

c61620488084c256607d867bf65204b8478ee18e tor-0.1.2.16-1.fc7.ppc64.rpm
e82e0b50b9de31dcf31294c5dee2e1b2ea41e13c tor-lsb-0.1.2.16-1.fc7.ppc64.rpm
10c80977e6a250e199afbe7af7ab70752024928d tor-debuginfo-0.1.2.16-1.fc7.ppc64.rpm
3c527055884d1c43e34639ebf9e030774ab47b9b tor-core-0.1.2.16-1.fc7.ppc64.rpm
509e7fe43097321a878397e1a91ca4d9b12e0025 tor-core-0.1.2.16-1.fc7.i386.rpm
8b6332f771b918b3b1237694179c97fc508e0450 tor-debuginfo-0.1.2.16-1.fc7.i386.rpm
fb08a473948e08e754b490a272b05cec5ac9d807 tor-0.1.2.16-1.fc7.i386.rpm
e87b14a5592e1c65ea38d9142deb2a057b380c0e tor-lsb-0.1.2.16-1.fc7.i386.rpm
354d2688a01a2ceb579fc4c68b8e478dec23e60a tor-0.1.2.16-1.fc7.x86_64.rpm
2cd83eeb84b5134f01699ce922d3797b23cd9ff5 tor-debuginfo-0.1.2.16-1.fc7.x86_64.rpm
921f12441c335038c2ee7020c6d5075c4773b154 tor-lsb-0.1.2.16-1.fc7.x86_64.rpm
7551b32a2ad1b2c9961a840c5ddc7dbe62b122d1 tor-core-0.1.2.16-1.fc7.x86_64.rpm
fa57915f5cf4a51cd6960e4bf6c88b74b4d55a3a tor-debuginfo-0.1.2.16-1.fc7.ppc.rpm
54b766272ac864a11ef3962add0fccbed36c7f65 tor-core-0.1.2.16-1.fc7.ppc.rpm
f37252b781f32c03ef8a96e109dd11af06c6fa70 tor-0.1.2.16-1.fc7.ppc.rpm
60ea4facebed88d420a57cc3a15a9ddf721d1c90 tor-lsb-0.1.2.16-1.fc7.ppc.rpm
d04c30fe34714710eb53ff04d0be45d9827c4be0 tor-0.1.2.16-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds