Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2012.0163 A vulnerability has been identified in Tor 27 November 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tor Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade Member content until: Thursday, December 27 2012 OVERVIEW A vulnerability has been identified in Tor prior to version 0.2.3.25. IMPACT The vendor has provided the following information regarding this vulnerability: "Fix a denial of service attack by which any directory authority could crash all the others, or by which a single v2 directory authority could crash everybody downloading v2 directory information." [1] MITIGATION The vendor recommends upgrading to the latest version of Tor to correct this issue. [1] REFERENCES [1] ReleaseNotes https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBULQm2e4yVqjM2NGpAQKdBQ/+JG0j5IWOXZTI7ABIR44o0lfJZ0OlvLLR 3Oxs1GYBWpOv0986bq242pSCLxWSlvVYv4u3H0yjMltnWwx9eEc+KV/3rJLkRKVx Is0+fR8sjP4AorNXkkmztkGgO5cAtpQ7aNu72jfzkd/spIP9fgF39NgSQ3O3j05p PMlDx2QbJlubka6IsbhR8hX0n1xW3hdylTk72BsCFzyP5Iw43J6LW4HBrkCj8cMz c8qL+Xt56kCifQNOI8yn6vkVVjQ3QJdtHy33QmO8zMMAB5PSFpq6aKuu4IzJW4bb lECRAHdnUalHDA5IAgdygD3aLAg3GdG3dUypflCAdB9ip/eohNel8MLIR74FDRw9 bIjt4SNpW9SXFWMdpYGtFVc4zKFHrtRhxrQZq8Ax8FfSMRQ0gHEWE6oyUBUpWN/4 0GUeuTP3LXFb7pRiBW3ZuhYe6EMmEhMQOQql8lroBeXl0LVEwUqcwuWFAsmrRbpf QsJaRmFHywLsWNo87hISty5ysUIX59cesiILRlRkMyC6G5vZFMMRSke45Tvkrk/E RmHuOh4/Kn05RZ7jSwgTCgct7b0WVvEifdilkZKrLxfqie91l0BM6hvMPK6rk+k1 oPUf6wcosIEawYk72ySMSYLfX44EH67iOUJK5OS5SVpJAKhx3K/KlVdizw53gzfx gw75Js0P8Q0= =spiH -----END PGP SIGNATURE-----