[tor-relays] CVE-2015-7547 Tor network stats

Josef 'veloc1ty' Stautner hello at veloc1ty.de
Tue Feb 23 07:04:57 UTC 2016


Hi,

you say that 64% of the guard relays and 51% of the exit relaysare are
unpatched ? That's horrible!

~Josef

Am 22.02.2016 um 23:44 schrieb nusenu:
> Hi,
>
> if we assume for simplicity that every relay running Linux that has not
> rebooted since 2016-02-16 is vulnerable to CVE-2015-7547, than these are
> the current stats (optimistic, because we assume that everyone that
> rebooted did also update).
>
> Vulnerable relays:
>
> +------------+------------------+-----------------+
> | cwfraction | guardprobability | exitprobability |
> +------------+------------------+-----------------+
> |      0.586 |            0.639 |           0.518 |
> +------------+------------------+-----------------+
> (1=100%)
>
> Apply patches and reboot.
>
> Debian
> https://www.debian.org/security/2016/dsa-3481
>
> RHEL/CentOS
> https://rhn.redhat.com/errata/RHSA-2016-0176.html
>
> Ubuntu
> http://www.ubuntu.com/usn/usn-2900-1/
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160223/356aa87c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160223/356aa87c/attachment-0001.sig>


More information about the tor-relays mailing list