OSV:DLA-17-1
Jul 31, 2014 - 12:00 a.m.

tor - new upstream version

2014-07-31 00:00:00
Google
osv.dev
CVSS2: 5.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

The Tor version previously in Debian squeeze, 0.2.2.39, is no longer
supported by upstream.

This update brings the currently stable version of Tor, 0.2.4.23, to
Debian squeeze.

Changes include use of stronger cryptographic primitives, always
clearing bignums before freeing them to avoid leaving key material in
memory, mitigating several linkability vectors such as by disabling
client-side DNS caches, blacklisting authority signing keys potentially
compromised due to Heartbleed, updating the list of directory
authorities, and much more.

We recommend that you upgrade your tor packages.

For Debian 6 Squeeze, these issues have been fixed in tor version 0.2.4.23-1~deb6u1.
