[tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

John Ricketts john at quintex.com
Wed Oct 26 07:18:46 UTC 2016


I feel you Markus, I did 24.  I wrote a bash script to update/upgrade/reboot. 

> On Oct 26, 2016, at 02:17, Markus Koch <niftybunny at googlemail.com> wrote:
> 
> 32 relays updated (Debian + Tor compiled to latest version)
> 
> I am getting too old for this without a server management system ....
> 
> Markus
> 
> 
> 
> 
> 2016-10-25 23:48 GMT+02:00 nusenu <nusenu at openmailbox.org>:
>> just a reminder since most of the tor network (including some of the
>> biggest operators) still runs vulnerable relays
>> 
>> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>> 
>> 
>> Since 2/3 directory authorities removed most vulnerable versions from
>> their 'recommended versions' you should see a log entry if you run
>> outdated versions (except if you run 0.2.5.12).
>> 
>> 
>> It is not possible to reliably determine the exact CW fraction
>> affected[1] due to the fact that patches were released that didn't
>> increase tor's version number.
>> Therefore it is also possible that you get log entries even if you run a
>> patched version (IMHO this hasn't been handled in the most professional
>> way).
>> 
>> 
>> Update instructions
>> 
>> Debian/Ubuntu
>> ==============
>> 
>> make sure you use the Torproject repository:
>> https://www.torproject.org/docs/debian.html.en
>> 
>> (you can also use the debian repository but the Torproject's repo will
>> provide you with the latest releases)
>> 
>> 
>> aptitude update && aptitude install tor
>> 
>> 
>> CentOS/RHEL/Fedora
>> ===================
>> 
>> yum install --enablerepo=epel-testing tor
>> 
>> 
>> FreeBSD
>> ============
>> 
>> pkg update
>> pkg upgrade
>> 
>> OpenBSD
>> ===========
>> 
>> pkg_add -u tor
>> 
>> 
>> Windows
>> ========
>> 
>> No updated binaries available for this platform yet.
>> 
>> 
>> 
>> 
>> [1] as of 2016-10-25 18:00 (onionoo data)
>> conservative estimate
>> ----------------------
>> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
>> 31% CW fraction patched
>> 
>> optimistic estimate
>> -------------------
>> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
>> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
>> 43% CW fraction patched
>> 
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
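
Added example (not part of the original thread, and not the script used to produce the figures in footnote [1]): one way to compute the conservative and optimistic patched CW fractions described there. It assumes relay records shaped like Onionoo details entries (platform, consensus_weight, last_restarted); the sample relays are constructed, and reading "restarted since 2016-10-17" as on or after 00:00 UTC that day is an assumption.

```python
from datetime import datetime

PATCHED = {"0.2.8.9", "0.2.9.4-alpha"}  # counted as patched in both estimates
# Versions that, per the post, may carry the fix without a version bump.
SILENTLY_PATCHED = {"0.2.4.27", "0.2.5.12", "0.2.6.10", "0.2.7.6"}
RESTART_CUTOFF = datetime(2016, 10, 17)  # assumption: 00:00 UTC that day

# Constructed sample records (not real relays), Onionoo-details-like fields.
SAMPLE = [
    {"platform": "Tor 0.2.8.9 on Linux", "consensus_weight": 300,
     "last_restarted": "2016-10-20 08:00:00"},
    {"platform": "Tor 0.2.8.8 on Linux", "consensus_weight": 400,
     "last_restarted": "2016-10-21 08:00:00"},
    {"platform": "Tor 0.2.5.12 on FreeBSD", "consensus_weight": 100,
     "last_restarted": "2016-10-19 12:00:00"},
    {"platform": "Tor 0.2.7.6 on Windows 7", "consensus_weight": 100,
     "last_restarted": "2016-10-22 12:00:00"},
    {"platform": "Tor 0.2.7.6 on Linux", "consensus_weight": 100,
     "last_restarted": "2016-09-01 12:00:00"},
]

def parse_platform(platform):
    """Split 'Tor 0.2.8.9 on Linux' into ('0.2.8.9', 'Linux')."""
    head, sep, os_name = platform.partition(" on ")
    words = head.split()
    if not sep or len(words) < 2 or words[0] != "Tor":
        return None, None
    return words[1], os_name

def is_patched(relay, optimistic):
    version, os_name = parse_platform(relay.get("platform", ""))
    if version in PATCHED:
        return True
    if not optimistic or version not in SILENTLY_PATCHED:
        return False
    if os_name.lower().startswith("windows"):
        return False  # the post excludes Windows from the optimistic case
    restarted = relay.get("last_restarted")
    if not restarted:
        return False  # unknown restart time: do not assume patched
    return datetime.strptime(restarted, "%Y-%m-%d %H:%M:%S") >= RESTART_CUTOFF

def patched_cw_fraction(relays, optimistic=False):
    total = sum(r["consensus_weight"] for r in relays)
    patched = sum(r["consensus_weight"] for r in relays if is_patched(r, optimistic))
    return patched / total if total else 0.0

if __name__ == "__main__":
    print(patched_cw_fraction(SAMPLE), patched_cw_fraction(SAMPLE, optimistic=True))
```

The gap between the two results is the share of consensus weight whose patch status cannot be read from the version string alone.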
