
[VUA 74-1] Updated tor version



---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 74-1     http://volatile.debian.org
debian-volatile@lists.debian.org                            Peter Palfrader
November 22nd, 2010
---------------------------------------------------------------------------

Package              : tor
Version              : 0.2.1.26-1~lennyvolatile2 (Lenny)
Importance           : medium

The recent openssl security update in stable (DSA-2125-1), which fixes a
TLS extension parsing race condition, unfortunately also causes a
particular behaviour change in the libssl library.  As a result, all Tor
relays (including bridge relays) running Tor versions 0.2.1.x or 0.2.2.x
silently cease to work.

The previous version released through lenny-volatile
(0.2.1.26-1~lennyvolatile1) is affected by this problem.

This Debian Volatile update incorporates a patch from the upcoming Tor
0.2.1.27 release which resolves the incompatibility, thus restoring
relay functionality.


We recommend that all Tor relays or bridge relays running Tor 0.2.1.26
on Debian lenny (Debian 5.0, stable) update their Tor package to version
0.2.1.26-1~lennyvolatile2 (now in volatile), or any other similarly
fixed package.


Tor 0.2.0.35 - the version currently in stable - is not affected by this
particular problem; however, a different upcoming openssl change will
also break Tor 0.2.0.x relays.  Therefore an update to the version in
stable is planned for the near future.


Upgrade Instructions
--------------------

You can get the updated packages at

http://volatile.debian.org/debian-volatile/pool/volatile/main/t/tor

and install them with dpkg, or add the volatile archive for Lenny
to your /etc/apt/sources.list:

 deb http://volatile.debian.org/debian-volatile lenny/volatile main
 deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

You can also use any of our mirrors.  See
`http://www.debian.org/volatile/volatile-mirrors' for the full list of
mirrors.  The archive signing keys were included in Debian Lenny.

For further information about debian-volatile, please refer to
`http://www.debian.org/volatile/'.

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team at `debian-volatile@lists.debian.org'.
