8 matches found
[ASA-201707-8] tor: session hijacking
Arch Linux Security Advisory ASA-201707-8 ========================================= Severity: Medium Date : 2017-07-11 CVE-ID : CVE-2017-0377 Package : tor Type : session hijacking Remote : Yes Link : https://security.archlinux.org/AVG-336 Summary ======= The package tor before version 0.3.0.9-1 ...
Security fix for the ALT Linux 8 package tor version 0.3.0.9-alt1.M80P.1
0.3.0.9-alt1.M80P.1 built July 3, 2017 Anton Farygin in task 184902 June 30, 2017 Vladimir Didenko - new version Fixes: CVE-2017-0377...
CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...
CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...
CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...
CVE-2017-0377
CVE-2017-0377 affects Tor 0.3.x before 0.3.0.9. The guard-selection algorithm incorrectly considers only the exit relay (not the exit relay’s family), which can allow an attacker to compromise anonymity by exploiting large family structures. The mitigation is upgrading to upstream version 0.3.0.9...
CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...
CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...