Last openssl update for Ubuntu breaks Tor

Ted Smith teddks at gmail.com
Thu Dec 9 18:40:04 UTC 2010


On Thu, 2010-12-09 at 19:02 +0100, ml at kairaven.de wrote:
> Hi,
> 
> I have/had problems with Tor 0.2.2.19-alpha and 0.2.1.27 (recompiled) after
> the last openssl update under Ubuntu Maverick according to "Ubuntu Security
> Notice USN-1029-1, December 08, 2010, openssl vulnerabilities, CVE-2008-7270,
> CVE-2010-4180".
> 
> Both Tor versions crash with core dumps and the last line in info.log is:
> "[info] cpuworker_main(): CPU worker exiting because Tor process closed
> connection (either rotated keys or died)."

I'm running "Tor version 0.2.1.27 (r5e842d29f970dcaa).", and have this
version of OpenSSL installed on Ubuntu: "0.9.8o-1ubuntu4.3". The
changelog mentions the CVE you refer to:


> openssl (0.9.8o-1ubuntu4.3) maverick-security; urgency=low
> 
>   * SECURITY UPDATE: ciphersuite downgrade vulnerability
>     - openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch:
>       disable workaround for Netscape cipher suite bug in ssl/s3_clnt.c
>       and ssl/s3_srvr.c
>     - CVE-2010-4180
> 
>  -- Steve Beattie <sbeattie at ubuntu.com>  Thu, 02 Dec 2010 16:24:31 -0800

However, I haven't experienced any problems with Tor. As far as I am
aware, nothing is unique about my setup -- just the default Tor install
with the default Ubuntu Maverick amd64 install.

Are we running the same versions of everything? Maybe the problem is
somewhere else (like your chroot setup)?