[MacPorts] #52655: tor-devel updated to 0.2.9.4-alpha (includes security fix)
MacPorts
noreply at macports.org
Wed Oct 19 16:20:12 CEST 2016
#52655: tor-devel updated to 0.2.9.4-alpha (includes security fix)
-----------------------------+---------------------------------
Reporter: macports.org@… | Owner: macports-tickets@…
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords: haspatch maintainer
Port: tor-devel |
-----------------------------+---------------------------------
Description changed by larryv@…:
Old description:
> https://blog.torproject.org/blog/tor-0294-alpha-released-important-fixes
>
> > Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
> > that would allow a remote attacker to crash a Tor client, hidden
> > service, relay, or authority. All Tor users should upgrade to this
> > version, or to 0.2.8.9. Patches will be released for older versions of
> > Tor.
> >
> > - Major features (security fixes):
> >   - Prevent a class of security bugs caused by treating the contents
> >     of a buffer chunk as if they were a NUL-terminated string. At
> >     least one such bug seems to be present in all currently used
> >     versions of Tor, and would allow an attacker to remotely crash
> >     most Tor instances, especially those compiled with extra compiler
> >     hardening. With this defense in place, such bugs can't crash Tor,
> >     though we should still fix them as they occur. Closes ticket 20384
> >     (TROVE-2016-10-001).
New description:
https://blog.torproject.org/blog/tor-0294-alpha-released-important-fixes
> Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
> that would allow a remote attacker to crash a Tor client, hidden
> service, relay, or authority. All Tor users should upgrade to this
> version, or to 0.2.8.9. Patches will be released for older versions of
> Tor.
>
> - Major features (security fixes):
>   - Prevent a class of security bugs caused by treating the contents
>     of a buffer chunk as if they were a NUL-terminated string. At
>     least one such bug seems to be present in all currently used
>     versions of Tor, and would allow an attacker to remotely crash
>     most Tor instances, especially those compiled with extra compiler
>     hardening. With this defense in place, such bugs can't crash Tor,
>     though we should still fix them as they occur. Closes ticket
>     [https://bugs.torproject.org/20384 20384] (TROVE-2016-10-001).
--
Ticket URL: <https://trac.macports.org/ticket/52655#comment:4>
MacPorts <https://www.macports.org/>
Ports system for the Mac operating system
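
The bug class named in the quoted release notes, as an added C example (not Tor's code and not part of this ticket): a buffer chunk carries an explicit length and no terminator, so any search must be bounded by that length. The `chunk_t` type, its helper functions and the one-byte NUL sentinel placed after the data are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical chunk type for illustration; not Tor's real structure. */
typedef struct {
    size_t cap;   /* usable data bytes in mem */
    size_t len;   /* bytes currently stored */
    char  *mem;   /* cap data bytes followed by one sentinel byte */
} chunk_t;

/* Allocate cap data bytes plus a NUL sentinel that appends never overwrite. */
static chunk_t *chunk_new(size_t cap) {
    chunk_t *c = malloc(sizeof(*c));
    if (!c) return NULL;
    c->mem = calloc(cap + 1, 1);
    if (!c->mem) { free(c); return NULL; }
    c->cap = cap;
    c->len = 0;
    c->mem[cap] = '\0';   /* explicit sentinel: a stray str*() call stops here */
    return c;
}

/* Copy in at most the free space; returns the number of bytes stored. */
static size_t chunk_append(chunk_t *c, const char *src, size_t n) {
    size_t room = c->cap - c->len;
    if (n > room) n = room;
    memcpy(c->mem + c->len, src, n);
    c->len += n;
    return n;
}

/* Correct search: bounded by len, never assumes a terminator.
 * Returns the offset of ch, or -1 if ch is not in the stored data. */
static long chunk_find(const chunk_t *c, char ch) {
    const char *p = memchr(c->mem, ch, c->len);
    return p ? (long)(p - c->mem) : -1;
}

/* What code that wrongly treats the chunk as a C string would measure.
 * Without the sentinel a full chunk would be read past its allocation;
 * with it the result can never exceed cap. */
static size_t chunk_len_as_cstring(const chunk_t *c) {
    return strlen(c->mem);
}

static void chunk_free(chunk_t *c) {
    if (c) { free(c->mem); free(c); }
}
```

The sentinel only contains the damage of a misplaced string call; the length-bounded `chunk_find` is the form callers should use.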