Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1021 tor security update 23 March 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tor Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Denial of Service -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2020-10592 Original Bulletin: http://www.debian.org/security/2020/dsa-4644 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4644-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : tor CVE ID : CVE-2020-10592 A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system. For the stable distribution (buster), this problem has been fixed in version 0.3.5.10-1. For the oldstable distribution (stretch), support for tor is now discontinued. Please upgrade to the stable release (buster) to continue receiving tor updates. We recommend that you upgrade your tor packages. For the detailed security status of tor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tor Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl51J0UACgkQEMKTtsN8 TjbCyRAAo5HX1d9jfiI94tuEr5RONpvgndYTzvYuz1OulPKY23PBNm9H0doOaUDR SYrGa5rlRlCqzMzCrs5sdcBq1ayoeBcA0rEcZPR/iJV6MVeb7d8fGH24kC9k6wfu NsUsWxzaUbKeEZJicguCaYr9mJB5e8ha7MYrCFVqDBPjZfalov55jXu74UKS1mGA 6C4yCWdrAyXbsytFM76GpCZG9DsyhyTofdOPuzCPBdhrVDSE9MxxvoMPPMdhYSXP AJ5YLVeAcJEYS8DmVlyN9X+UQojFB/zduIkHKd4YYIDXfaD6j38E4S4qMRv246g9 +iazxU73OdSb6XUaZFRfYn4+5pcxNSvwFWrzdkI50ysv+iemh1GQcA0nnog4DfyT 0pSHks9BixWn2G5fT20t4bpwnPztTm//iSI1nYiTuU87Q6saWgeyOZMhTuPrfnCd ud/3aLtD2P/aAKb27dff9GFrqgCgBkq8zpXXh1hUO70/58kvKc6Fac95arPCusRq rI1Xw53lKzXRcpHj/AGIKiv+OMg10GeyH24EhJWkqRElfAbGZzKeBwoIpIgv1PaR q43v+qpUGMCTcj//3SSRVQp3zVmN89MQEFIsfEFwpF/kBorQ/O9YDHOZTE9D3ofs YeMivdQ0PEOJ/EdtRkouc5FGKtSYH0KPtYj18r4tqeZsYH5+rRQ= =rxtN - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXnhYLWaOgq3Tt24GAQhGDBAA2rvddoDfEzXUymaJfAGAfvrUK4ud5J6n 5dj93nv+B1XeMq6m3sDHo5af79ZlHRYfjQ4gMBInHTl3OTZiRC1cIf/U5XJYv4i5 QzJySBPr6yPgAxwXVIMppmKisCf+oD/wsG2ZoPobJ7IbJCmELka7tm7VFXIEoDOq EbEKogQZyYXrP40TL8+aQDWFXGUnWSFlFZTV0Uaszvaz+izzlQnw9TmzgW7Eip81 +raxwTeKO3+bO1CnqFuAxblnjsvoMIcDHv/tVNbuCBteuQFP1PfqBA7HcrLYMCCn rq9VTPlMlhZbsZczw9B/vAlTCKxaqqmYi0OLSzRDloqfsTBJalidPdkNr8izyK9P aKMGOqIFyKm8KdLYjabtBMR5boCHPQKtx4DdLxSDtq2WI6/WBMH4TPs6//d3dehY EUrp7FX3QNJcwBiZl8Y98yMcHMy4PaqY/YhzEQmEwg+wBG2Of4bXnRrWPIrkYgiC jQp7+MmoJrkCy4/Au8+f2jarlSlQoS5BCqfK0/keylMCX8DLfx4VjuZuZ/m7i4m5 EC0KWlT00P8Gaeq/o/MrpGjw/Idn9+LN24pLfThBLSY8P1eCma1g75hjvj00VlsW 6l3zytMWDHYhDKOavoxG6aD8t3zDpNcIZBFSQti6gmkOP1T8S0sMHnPtLTuwxM8K 49wTT9yr+vQ= =/EGj -----END PGP SIGNATURE-----