DSA-2331-1 tor -- severalID: oval:org.secpod.oval:def:600637 | Date: (C)2012-01-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue. In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues . Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patches
Platform: |
Debian 5.0 |
Debian 6.0 |