[tor-relays-fr] Fwd: [tor-relays] Security advisory: Please upgrade to today's OpenSSL.
Chre
tor at renaudineau.org
Jeu 25 Mar 16:34:07 UTC 2021
Bonjour à toutes et tous,
Je vous fait suivre cette info si vous l'avez manquée, il faut mettre à
jour OpenSSL sur vos serveurs Tor :)
-------- Courriel original --------
Objet: [tor-relays] Security advisory: Please upgrade to today's
OpenSSL.
Date: 2021-03-25 14:15
De: Nick Mathewson <nickm at torproject.org>
À: tor-relays at lists.torproject.org
Répondre à: tor-relays at lists.torproject.org
Hi, all!
There is a new version of OpenSSL out today, with a security advisory
that affects Tor. The vulnerability is CVE-2021-3449, as described on
https://www.openssl.org/news/secadv/20210325.txt . It affects OpenSSL
versions 1.1.1 through 1.1.1j. OpenSSL 1.1.1k is the first version
with a fix.
I haven't tested this bug, but I believe that it would allow an
adversary to remotely crash Tor relays and authorities. It won't have
any effect on Tor clients.
I suggest that everybody should upgrade to the latest OpenSSL when it
becomes available on their platform.
best wishes,
--
Chre
More information about the tor-relays-fr
mailing list