Bug 219941 - Tor < 0.1.1.26 has security problem
Tor < 0.1.1.26 has security problem
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: tor (Show other bugs)
6
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Enrico Scholz
Fedora Extras Quality Assurance
http://archives.seul.org/or/announce/...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-17 06:54 EST by Roozbeh Pournader
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: 0.1.1.26-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-18 03:10:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Roozbeh Pournader 2006-12-17 06:54:37 EST
Description of problem:

Tor 0.1.1.26 fixes a serious privacy bug for people who use the
HttpProxyAuthenticator config option: Tor would send your proxy auth
directly to the directory server when you're tunnelling directory
requests through Tor. Specifically, this happens when publishing or
accessing hidden services, or when you have set FascistFirewall or
ReachableAddresses and you're accessing a directory server that's not
reachable directly.

Version-Release number of selected component (if applicable):
tor-0.1.1.25-1.fc6
Comment 1 Enrico Scholz 2006-12-18 03:10:57 EST
thx; updated to 0.1.1.26

Note You need to log in before you can comment on or make changes to this bug.