219941 – Tor < 0.1.1.26 has security problem

Bug 219941 - Tor < 0.1.1.26 has security problem

Summary: Tor < 0.1.1.26 has security problem

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	tor
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Enrico Scholz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	http://archives.seul.org/or/announce/...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-12-17 11:54 UTC by Roozbeh Pournader
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:	0.1.1.26-1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-12-18 08:10:57 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Roozbeh Pournader 2006-12-17 11:54:37 UTC

Description of problem:

Tor 0.1.1.26 fixes a serious privacy bug for people who use the
HttpProxyAuthenticator config option: Tor would send your proxy auth
directly to the directory server when you're tunnelling directory
requests through Tor. Specifically, this happens when publishing or
accessing hidden services, or when you have set FascistFirewall or
ReachableAddresses and you're accessing a directory server that's not
reachable directly.

Version-Release number of selected component (if applicable):
tor-0.1.1.25-1.fc6

Comment 1 Enrico Scholz 2006-12-18 08:10:57 UTC

thx; updated to 0.1.1.26

Note You need to log in before you can comment on or make changes to this bug.