[tor-relays] CVE-2015-7547 Tor network stats

SuperSluether supersluether at gmail.com
Tue Feb 23 02:56:03 UTC 2016


Hi,

My Raspberry Pi and Ubuntu Server already have the updated version of 
libc6. Is a reboot still required? I thought only kernel updates 
required a reboot.

On 02/22/2016 04:44 PM, nusenu wrote:
> Hi,
>
> if we assume for simplicity that every relay running Linux that has not
> rebooted since 2016-02-16 is vulnerable to CVE-2015-7547, than these are
> the current stats (optimistic, because we assume that everyone that
> rebooted did also update).
>
> Vulnerable relays:
>
> +------------+------------------+-----------------+
> | cwfraction | guardprobability | exitprobability |
> +------------+------------------+-----------------+
> |      0.586 |            0.639 |           0.518 |
> +------------+------------------+-----------------+
> (1=100%)
>
> Apply patches and reboot.
>
> Debian
> https://www.debian.org/security/2016/dsa-3481
>
> RHEL/CentOS
> https://rhn.redhat.com/errata/RHSA-2016-0176.html
>
> Ubuntu
> http://www.ubuntu.com/usn/usn-2900-1/
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160222/2f85e1e1/attachment.html>


More information about the tor-relays mailing list