Hello exit node operators!
Today (2023-12-08) the Network Team has released a new Tor version, 0.4.8.10[1]. This update contains a fix to a remotely triggerable crash bug (TROVE-2023-007) affecting exit relays on the 0.4.8.x series. Please upgrade as soon as possible to maintain network stability and security if your relays are on that series.
For those of you running their Tor relays using the Tor Debian repository, expect a new deb package to be available soon.
Please note that this bug is specific to Tor exit relays on the 0.4.8.x series and does not impact other relays nor Tor clients or Tor powered apps (Tor Browser, Orbot, OnionShare).
Thanks, Georg
[1] https://forum.torproject.org/t/security-release-0-4-8-10/10536
And epel repo for Centos and Almalinux pretty please...
On 12/8/2023 3:20 PM, Georg Koppen wrote:
Hello exit node operators!
Today (2023-12-08) the Network Team has released a new Tor version, 0.4.8.10[1]. This update contains a fix to a remotely triggerable crash bug (TROVE-2023-007) affecting exit relays on the 0.4.8.x series. Please upgrade as soon as possible to maintain network stability and security if your relays are on that series.
For those of you running their Tor relays using the Tor Debian repository, expect a new deb package to be available soon.
Please note that this bug is specific to Tor exit relays on the 0.4.8.x series and does not impact other relays nor Tor clients or Tor powered apps (Tor Browser, Orbot, OnionShare).
Thanks, Georg
[1] https://forum.torproject.org/t/security-release-0-4-8-10/10536
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
We would appreciate if the tor project could coordinate better with deb.torproject.org debian package updates to reduce the time between a release and the availability of packages on deb.torproject.org.
tor-relays@lists.torproject.org
-
applied-privacy.net -
Chris Enkidu-6 -
Georg Koppen