|
|
Log in / Subscribe / Register

Debian alert DSA-6200-1 (tor)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6200-1] tor security update


Date:
              Sun, 05 Apr 2026 20:58:15 +0000


Message-ID:
              <adLM536CTJquVLaC@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6200-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 05, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor
CVE ID         : not yet available

Two security vulnerabilities (TROVE-2026-004 and TROVE-2025-015) were
discovered in Tor, a connection-based low-latency anonymous
communication system, which could result in denial of service.

For the oldstable distribution (bookworm), this problem has been fixed
in version 0.4.9.6-0+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 0.4.9.6-0+deb13u1.

We recommend that you upgrade your tor packages.

For the detailed security status of tor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnSzLIACgkQEMKTtsN8
TjZn3g//WlKPrjl2g/fyYLgJcDRwQxE2jm5HWAM3ku+97DrJNpQQcOQIumEmfuMP
zK3J+9JvuSNVzP71T3PUPy09FyFUQZjMtTHOK3tQ/WzukZ0bCLeew+N9s2Nf+64l
cqNXMBOBReEzkPqI8Zg7r+YdglURhyDyeJhGvA/hcyAf0G96h2Oan9Un20uxg6MZ
PiU0oECyUo9VuOINRgJ2YwU+h6QGmUx8SSlQGPhcPB7RygMIy3369BQwqD5LACeK
DcBbnyrwvZWhMRRzsGg9SeS5pzqV0MDEPrLPjtZTltlRAsU4M7iGHrKzaiA+hHAK
y9/I29HUEKvWxCqSdm2myQaJmRNViB7XNf9rPYivajSDPaZISTtaSlECz7dCdQSw
mA4l8evHVEJOuKIjFPEtVspxBE87hk/ZQehgPyLWAGwTjkL6Ixn+opnVAJfS99eG
IOYNwaINiC3AUXhZsr/PvMwLsWqE207x66RxunXBjxoy3Ib6myX5TJH0kvZEvl2H
GGwimwV9yBysCwywqDViMvd1ywFc3XEagpxx79zVEY9zM65mPSsRVYSn3frU1cSo
pgj8Wby49R533G7bJBfATGXIYoRQ85K+YIEbElDN1wJN7lCG0hZrPrHu0v2Svs2T
d7ny7jCBm0HzgIVWIPIFEwUjVxULyoXi1H2MGQHZS5yqBpsXXJQ=
=43IA
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds