Package "tor"
Name: |
tor
|
Description: |
anonymizing overlay network for TCP
|
Latest version: |
0.2.9.14-1ubuntu1~16.04.3 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
https://www.torproject.org/ |
Links
Download "tor"
Other versions of "tor" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
tor (0.2.9.14-1ubuntu1~16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: Remote crash attack against directory authorities.
- debian/patches/CVE-2018-0490.patch: Correctly handle NULL returns
from parse_protocol_list when voting.
- CVE-2018-0490
-- Eduardo Barretto <email address hidden> Thu, 22 Nov 2018 13:37:42 -0200
|
Source diff to previous version |
CVE-2018-0490 |
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotoc |
|
tor (0.2.9.14-1ubuntu1~16.04.2) xenial-security; urgency=medium
* No-change rebuild for the security pocket.
-- Seth Arnold <email address hidden> Wed, 28 Feb 2018 14:47:47 -0800
|
Source diff to previous version |
tor (0.2.9.14-1ubuntu1~16.04.1) xenial; urgency=medium
[ Peter Palfrader ]
* apparmor: use Pix instead of PUx for obfs4proxy, giving us
better confinement of the child process while actually working
with systemd's NoNewPrivileges. (closes: #867342)
* Do not rely on aa-exec and aa-enabled being in /usr/sbin in the
SysV init script. This change enables apparmor confinement
on some system-V systems again. (closes: #869153)
* Update apparmor profile: replace CAP_DAC_OVERRIDE with
CAP_DAC_READ_SEARCH to match the systemd capability bounding set
changed with 0.3.0.4-rc-1. This change will allow tor to start
again under apparmor if hidden services are configured.
Patch by intrigeri. (closes: #862993)
* Replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH in systemd's service
capability bounding set. Read access is sufficient for Tor (as root on
startup) to check its onion service directories (see #847598).
* Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
causing all errors while switching to the new apparmor profile to
be ignored. This is not ideal, but for now it's probably the
best solution. Thanks to intrigeri; closes: #880490.
[ Simon Deziel ]
* Backport 0.2.9.14 to 16.04 (LP: #1731698)
* debian/rules: stop overriding micro-revision.i
* debian/control: drop build-conflicts
* debian/control: Limit the seccomp build-dependency to [amd64 i386 x32 armel armhf]
* Resync with Debian Stretch
|
Source diff to previous version |
1731698 |
[SRU] Tor 0.2.9.14 and 0.3.0.13 |
867342 |
tor: /usr/bin/obfs4proxy fails to load under default combination of apparmor execution permission PUx and systemd NoNewPrivileges=Yes hardening - Deb |
869153 |
tor: CVE-2017-11565: aa-exec is not longer in /usr/sbin and now apparmor is silently scraped - Debian Bug report logs |
862993 |
tor: Does not start with AppArmor enabled and hidden service directory owned by non-root - Debian Bug report logs |
880490 |
tor: Does not start when the AppArmor LSM is enabled but the apparmor package is not installed - Debian Bug report logs |
|
No changelog available yet.
|
About
-
Send Feedback to @ubuntu_updates