Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
0.2.5.12 is the latest version from the repo. Im assuming I should pull down the source and compile it.
Thanks for the update, my main relay was vulnerable but i've patched it
now to 0.2.8.9.
My Raspberry Pi is running 0.2.5.12 -- is that ok?
If your version is from before 2016-10-17, your relay is vulnerable.
To be sure you should be running 0.2.8.9.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, 26 Oct 2016, Alan wrote:
0.2.5.12 is the latest version from the repo. Im assuming I should pull down the source and compile it.
Depends on the repo. If you provided a little more information we'd be able to sy more.
On Wed, Oct 26, 2016 at 5:54 AM, Peter Palfrader weasel@torproject.org wrote:
On Wed, 26 Oct 2016, Alan wrote:
0.2.5.12 is the latest version from the repo. Im assuming I should pull down the source and compile it.
Depends on the repo. If you provided a little more information we'd be able to sy more.
If you're using Debian jessie, you can get an 0.2.8.9 package from either backports or the torproject.org repository. I went with backports because that let me also pick up a much newer openssl.
zw
Thanks for the advice, I added torproject.org repo and it upgraded to 0.2.8.9
Alan
On Wed, Oct 26, 2016 at 5:54 AM, Peter Palfrader weasel@torproject.org wrote:
On Wed, 26 Oct 2016, Alan wrote:
0.2.5.12 is the latest version from the repo. Im assuming I should pull down the source and compile it.
Depends on the repo. If you provided a little more information we'd be able to sy more.
If you're using Debian jessie, you can get an 0.2.8.9 package from either backports or the torproject.org repository. I went with backports because that let me also pick up a much newer openssl.
zw _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, 26 Oct 2016, at 02:04 PM, Zack Weinberg wrote:
If you're using Debian jessie, you can get an 0.2.8.9 package from either backports or the torproject.org repository. I went with backports because that let me also pick up a much newer openssl.
zw
Zack,
Interesting, I too recently upgraded to the backports version of tor but didn't think to do openssl too. The current versions as far as I can tell are:
jessie, 1.0.1t-1+deb8u5 (https://packages.debian.org/jessie/openssl) jessie-backports, 1.0.2j-1~bpo8+1 (https://packages.debian.org/jessie-backports/openssl)
Is there such a big difference between these?
Louie
On Wed, 26 Oct 2016, Zack Weinberg wrote:
On Wed, Oct 26, 2016 at 5:54 AM, Peter Palfrader weasel@torproject.org wrote:
On Wed, 26 Oct 2016, Alan wrote:
0.2.5.12 is the latest version from the repo. Im assuming I should pull down the source and compile it.
Depends on the repo. If you provided a little more information we'd be able to sy more.
If you're using Debian jessie, you can get an 0.2.8.9 package from either backports or the torproject.org repository.
Or one could stay with stable, which has also fixed this bug.
tor-relays@lists.torproject.org
-
Alan -
Louie Cardone-Noott -
Peter Palfrader -
Zack Weinberg