[tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Markus Koch
niftybunny at googlemail.com
Wed Oct 26 07:16:33 UTC 2016
32 relays updated (Debian + Tor compiled to latest version)
I am getting too old for this without a server management system ....
Markus
2016-10-25 23:48 GMT+02:00 nusenu <nusenu at openmailbox.org>:
> just a reminder since most of the tor network (including some of the
> biggest operators) still runs vulnerable relays
>
> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>
>
> Since 2/3 directory authorities removed most vulnerable versions from
> their 'recommended versions' you should see a log entry if you run
> outdated versions (except if you run 0.2.5.12).
>
>
> It is not possible to reliable determine the exact CW fraction
> affected[1] due to the fact that patches were released that didn't
> increase tor's version number.
> Therefore it is also possible that you get log entries even if you run a
> patched version (IMHO this hasn't been handled in the most professional
> way).
>
>
> Update instructions
>
> Debian/Ubuntu
> ==============
>
> make sure you use the Torproject repository:
> https://www.torproject.org/docs/debian.html.en
>
> (you can also use the debian repository but the Torproject's repo will
> provide you with the latest releases)
>
>
> aptitude update && aptitude install tor
>
>
> CentOS/RHEL/Fedora
> ===================
>
> yum install --enablerepo=epel-testing tor
>
>
> FreeBSD
> ============
>
> pkg update
> pkg upgrade
>
> OpenBSD
> ===========
>
> pkg_add -u tor
>
>
> Windows
> ========
>
> No updated binaries available for this platform yet.
>
>
>
>
> [1] as of 2016-10-25 18:00 (onionoo data)
> conservative estimate
> ----------------------
> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
> 31% CW fraction patched
>
> optimistic estimate
> -------------------
> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
> 43% CW fraction patched
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
More information about the tor-relays
mailing list