[tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
John Ricketts
john at quintex.com
Wed Oct 26 07:37:45 UTC 2016
Markus, I'm too damn old to type that accurately, My hands shake from old mechanical keyboards and my eyes are irradiated from old Wyse 50 terminals...
> On Oct 26, 2016, at 02:31, Markus Koch <niftybunny at googlemail.com> wrote:
>
> I did it like a real man, just me hands and putty without any bash scripts and these modern devil tools!
>
> markus
>
>
> Sent from my iPad
>
>> On 26 Oct 2016, at 09:18, John Ricketts <john at quintex.com> wrote:
>>
>> I feel you Markus, I did 24. I wrote a bash script to update/upgrade/reboot.
>>
>>> On Oct 26, 2016, at 02:17, Markus Koch <niftybunny at googlemail.com> wrote:
>>>
>>> 32 relays updated (Debian + Tor compiled to latest version)
>>>
>>> I am getting too old for this without a server management system ....
>>>
>>> Markus
>>>
>>>
>>>
>>>
>>> 2016-10-25 23:48 GMT+02:00 nusenu <nusenu at openmailbox.org>:
>>>> just a reminder since most of the tor network (including some of the
>>>> biggest operators) still runs vulnerable relays
>>>>
>>>> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>>>>
>>>>
>>>> Since 2/3 directory authorities removed most vulnerable versions from
>>>> their 'recommended versions' you should see a log entry if you run
>>>> outdated versions (except if you run 0.2.5.12).
>>>>
>>>>
>>>> It is not possible to reliable determine the exact CW fraction
>>>> affected[1] due to the fact that patches were released that didn't
>>>> increase tor's version number.
>>>> Therefore it is also possible that you get log entries even if you run a
>>>> patched version (IMHO this hasn't been handled in the most professional
>>>> way).
>>>>
>>>>
>>>> Update instructions
>>>>
>>>> Debian/Ubuntu
>>>> ==============
>>>>
>>>> make sure you use the Torproject repository:
>>>> https://www.torproject.org/docs/debian.html.en
>>>>
>>>> (you can also use the debian repository but the Torproject's repo will
>>>> provide you with the latest releases)
>>>>
>>>>
>>>> aptitude update && aptitude install tor
>>>>
>>>>
>>>> CentOS/RHEL/Fedora
>>>> ===================
>>>>
>>>> yum install --enablerepo=epel-testing tor
>>>>
>>>>
>>>> FreeBSD
>>>> ============
>>>>
>>>> pkg update
>>>> pkg upgrade
>>>>
>>>> OpenBSD
>>>> ===========
>>>>
>>>> pkg_add -u tor
>>>>
>>>>
>>>> Windows
>>>> ========
>>>>
>>>> No updated binaries available for this platform yet.
>>>>
>>>>
>>>>
>>>>
>>>> [1] as of 2016-10-25 18:00 (onionoo data)
>>>> conservative estimate
>>>> ----------------------
>>>> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
>>>> 31% CW fraction patched
>>>>
>>>> optimistic estimate
>>>> -------------------
>>>> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
>>>> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
>>>> 43% CW fraction patched
>>>>
>>>>
>>>> _______________________________________________
>>>> tor-relays mailing list
>>>> tor-relays at lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list