Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Tor: Multiple vulnerabilities — GLSA 202003-50

Multiple vulnerabilities were found in Tor, the worst of which could allow remote attackers to cause a Denial of Service condition.

Affected packages

Package net-vpn/tor on all architectures
Affected versions < 0.4.2.7
Unaffected versions revision >= 0.4.1.9
revision >= 0.4.2.7

Background

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Description

Multiple vulnerabilities have been discovered in Tor, and tor. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Tor 0.4.1.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.1.9"

All Tor 0.4.2.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.2.7"

References

Release date
March 25, 2020

Latest revision
March 25, 2020: 1

Severity
low

Exploitable
remote

Bugzilla entries