Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1021
tor security update
23 March 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: tor
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-10592
Original Bulletin:
http://www.debian.org/security/2020/dsa-4644
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4644-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : tor
CVE ID : CVE-2020-10592
A denial of service vulnerability (by triggering high CPU consumption)
was found in Tor, a connection-based low-latency anonymous communication
system.
For the stable distribution (buster), this problem has been fixed in
version 0.3.5.10-1.
For the oldstable distribution (stretch), support for tor is now
discontinued. Please upgrade to the stable release (buster) to continue
receiving tor updates.
We recommend that you upgrade your tor packages.
For the detailed security status of tor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tor
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl51J0UACgkQEMKTtsN8
TjbCyRAAo5HX1d9jfiI94tuEr5RONpvgndYTzvYuz1OulPKY23PBNm9H0doOaUDR
SYrGa5rlRlCqzMzCrs5sdcBq1ayoeBcA0rEcZPR/iJV6MVeb7d8fGH24kC9k6wfu
NsUsWxzaUbKeEZJicguCaYr9mJB5e8ha7MYrCFVqDBPjZfalov55jXu74UKS1mGA
6C4yCWdrAyXbsytFM76GpCZG9DsyhyTofdOPuzCPBdhrVDSE9MxxvoMPPMdhYSXP
AJ5YLVeAcJEYS8DmVlyN9X+UQojFB/zduIkHKd4YYIDXfaD6j38E4S4qMRv246g9
+iazxU73OdSb6XUaZFRfYn4+5pcxNSvwFWrzdkI50ysv+iemh1GQcA0nnog4DfyT
0pSHks9BixWn2G5fT20t4bpwnPztTm//iSI1nYiTuU87Q6saWgeyOZMhTuPrfnCd
ud/3aLtD2P/aAKb27dff9GFrqgCgBkq8zpXXh1hUO70/58kvKc6Fac95arPCusRq
rI1Xw53lKzXRcpHj/AGIKiv+OMg10GeyH24EhJWkqRElfAbGZzKeBwoIpIgv1PaR
q43v+qpUGMCTcj//3SSRVQp3zVmN89MQEFIsfEFwpF/kBorQ/O9YDHOZTE9D3ofs
YeMivdQ0PEOJ/EdtRkouc5FGKtSYH0KPtYj18r4tqeZsYH5+rRQ=
=rxtN
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXnhYLWaOgq3Tt24GAQhGDBAA2rvddoDfEzXUymaJfAGAfvrUK4ud5J6n
5dj93nv+B1XeMq6m3sDHo5af79ZlHRYfjQ4gMBInHTl3OTZiRC1cIf/U5XJYv4i5
QzJySBPr6yPgAxwXVIMppmKisCf+oD/wsG2ZoPobJ7IbJCmELka7tm7VFXIEoDOq
EbEKogQZyYXrP40TL8+aQDWFXGUnWSFlFZTV0Uaszvaz+izzlQnw9TmzgW7Eip81
+raxwTeKO3+bO1CnqFuAxblnjsvoMIcDHv/tVNbuCBteuQFP1PfqBA7HcrLYMCCn
rq9VTPlMlhZbsZczw9B/vAlTCKxaqqmYi0OLSzRDloqfsTBJalidPdkNr8izyK9P
aKMGOqIFyKm8KdLYjabtBMR5boCHPQKtx4DdLxSDtq2WI6/WBMH4TPs6//d3dehY
EUrp7FX3QNJcwBiZl8Y98yMcHMy4PaqY/YhzEQmEwg+wBG2Of4bXnRrWPIrkYgiC
jQp7+MmoJrkCy4/Au8+f2jarlSlQoS5BCqfK0/keylMCX8DLfx4VjuZuZ/m7i4m5
EC0KWlT00P8Gaeq/o/MrpGjw/Idn9+LN24pLfThBLSY8P1eCma1g75hjvj00VlsW
6l3zytMWDHYhDKOavoxG6aD8t3zDpNcIZBFSQti6gmkOP1T8S0sMHnPtLTuwxM8K
49wTT9yr+vQ=
=/EGj
-----END PGP SIGNATURE-----