UbuntuUpdates.org

Package "tor"


Moved to artful:universe:updates


Name: tor

Description:

anonymizing overlay network for TCP

Latest version: *DELETED*
Release: artful (17.10)
Level: proposed
Repository: universe
Homepage: https://www.torproject.org/

Links

Save this URL for the latest version of "tor": https://www.ubuntuupdates.org/tor


Download "tor"


Other versions of "tor" in Artful

Repository Area Version
base universe 0.3.0.10-1
updates universe 0.3.0.13-0ubuntu1~17.10.1
PPA: Tor 0.3.2.9-1~artful+1

Packages in group

Deleted packages are displayed in grey.

tor-geoipdb

Changelog

Version: *DELETED* 2018-02-21 23:08:52 UTC
Moved to artful:universe:updates
No changelog for deleted or moved packages.

Version: 0.3.0.13-0ubuntu1~17.10.1 2018-02-14 02:06:19 UTC

  tor (0.3.0.13-0ubuntu1~17.10.1) artful; urgency=medium

  [ Peter Palfrader ]
  * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored. This is not ideal, but for now it's probably the
    best solution. Thanks to intrigeri; closes: #880490.

  [ Simon Deziel ]
  * New upstream version: 0.3.0.13 (LP: #1731698)
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  * New upstream version: 0.3.0.12
    - Directory authority changes
  * New upstream version: 0.3.0.11
    - Fix TROVE-2017-008: Stack disclosure in hidden services logs when
      SafeLogging disabled (CVE-2017-0380)
  * debian/rules: stop overriding micro-revision.i

1731698 [SRU] Tor 0.2.9.14 and 0.3.0.13
880490 tor: Does not start when the AppArmor LSM is enabled but the apparmor package is not installed - Debian Bug report logs
CVE-2017-8821 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can
CVE-2017-8820 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers
CVE-2017-8819 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache
CVE-2017-8823 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-a
CVE-2017-8822 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that hav
CVE-2017-0380 The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x bef



About   -   Send Feedback to @ubuntu_updates