MGASA-2016-0356 Updated tor packages fix security vulnerability

It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority CVE-2016-8860. The tor package has been updated to version 0.2.8.9, which fixes...

MGASA-2014-0059 Updated tor package fixes security vulnerability

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to...