[MacPorts] #52654: tor updated to 0.2.8.9 (includes security fix)

MacPorts noreply at macports.org
Wed Oct 19 16:19:04 CEST 2016


#52654: tor updated to 0.2.8.9 (includes security fix)
-----------------------------+---------------------------------
  Reporter:  macports.org@…  |      Owner:  macports-tickets@…
      Type:  update          |     Status:  closed
  Priority:  Normal          |  Milestone:
 Component:  ports           |    Version:
Resolution:  fixed           |   Keywords:  haspatch maintainer
      Port:  tor             |
-----------------------------+---------------------------------
Description changed by larryv@…:

Old description:

> Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
>   that would allow a remote attacker to crash a Tor client, hidden
>   service, relay, or authority. All Tor users should upgrade to this
>   version, or to 0.2.8.9. Patches will be released for older versions
>   of Tor.
>
>   o Major features (security fixes):
>     - Prevent a class of security bugs caused by treating the contents
>       of a buffer chunk as if they were a NUL-terminated string. At
>       least one such bug seems to be present in all currently used
>       versions of Tor, and would allow an attacker to remotely crash
>       most Tor instances, especially those compiled with extra compiler
>       hardening. With this defense in place, such bugs can't crash Tor,
>       though we should still fix them as they occur. Closes ticket
>       20384 (TROVE-2016-10-001).

New description:

 https://blog.torproject.org/blog/tor-0289-released-important-fixes

 > Tor 0.2.8.9 backports a fix for a security hole in previous versions
 > of Tor that would allow a remote attacker to crash a Tor client,
 > hidden service, relay, or authority. All Tor users should upgrade to
 > this version, or to 0.2.9.4-alpha. Patches will be released for older
 > versions of Tor.
 >
 > - Major features (security fixes):
 >   - Prevent a class of security bugs caused by treating the contents
 >     of a buffer chunk as if they were a NUL-terminated string. At
 >     least one such bug seems to be present in all currently used
 >     versions of Tor, and would allow an attacker to remotely crash
 >     most Tor instances, especially those compiled with extra compiler
 >     hardening. With this defense in place, such bugs can't crash Tor,
 >     though we should still fix them as they occur. Closes ticket
 >     [https://bugs.torproject.org/20384 20384] (TROVE-2016-10-001).

-- 
Ticket URL: <https://trac.macports.org/ticket/52654#comment:2>
MacPorts <https://www.macports.org/>
Ports system for the Mac operating system


