GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Oct 18, 2011 7:26 pm Post subject: [ GLSA 201110-13 ] Tor: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: Tor: Multiple vulnerabilities (GLSA 201110-13)
Severity: high
Exploitable: remote
Date: October 18, 2011
Bug(s): #351920, #359789
ID: 201110-13
Synopsis
Multiple vulnerabilities were found in Tor, the most severe of
which may allow a remote attacker to execute arbitrary code.
Background
Tor is an implementation of second generation Onion Routing, a
connection-oriented anonymizing communication service.
Affected Packages
Package: net-misc/tor
Vulnerable: < 0.2.1.30
Unaffected: >= 0.2.1.30
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Tor. Please review the
CVE identifiers referenced below for details.
Impact
A remote unauthenticated attacker may be able to execute arbitrary code
with the privileges of the Tor process or create a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Tor users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30"
|
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since April 2, 2011. It is likely that your system is already
no longer affected by this issue.
References
CVE-2011-0015
CVE-2011-0016
CVE-2011-0427
CVE-2011-0490
CVE-2011-0491
CVE-2011-0492
CVE-2011-0493
CVE-2011-1924 |
|
News & Announcements
