tor 0.4.5.10-1 source package in Ubuntu
Changelog
tor (0.4.5.10-1) unstable; urgency=medium
* New upstream version.
- Resolve an assertion failure caused by a behavior mismatch between our
batch-signature verification code and our single-signature verification
code. This assertion failure could be triggered remotely, leading to a
denial of service attack. We fix this issue by disabling batch
verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
Valence.
-- Peter Palfrader <email address hidden> Tue, 17 Aug 2021 19:34:05 +0200
Upload details
- Uploaded by:
- Peter Palfrader
- Uploaded to:
- Sid
- Original maintainer:
- Peter Palfrader
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tor_0.4.5.10-1.dsc | 1.9 KiB | fec1383efcf5d14cf6e2517d4c28fdd600cfc73883a314f76bcddf5ab0adad3e |
| tor_0.4.5.10.orig.tar.gz | 7.5 MiB | 8fe32222f8f2b4e65c6f50ac32eb4dfca59b8af71d0d16781f7ee5bec4c00743 |
| tor_0.4.5.10-1.diff.gz | 52.0 KiB | ecdc1825f28c8e8556a93102723a1ce8008ef47ff3202987ce1006fead7d92a8 |
No changes file available.
Binary packages built by this source
- tor: anonymizing overlay network for TCP
Tor is a connection-based low-latency anonymous communication system.
.
Clients choose a source-routed path through a set of relays, and
negotiate a "virtual circuit" through the network, in which each relay
knows its predecessor and successor, but no others. Traffic flowing
down the circuit is decrypted at each relay, which reveals the
downstream relay.
.
Basically, Tor provides a distributed network of relays. Users bounce
their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
recipients, observers, and even the relays themselves have difficulty
learning which users connected to which destinations.
.
This package enables only a Tor client by default, but it can also be
configured as a relay and/or a hidden service easily.
.
Client applications can use the Tor network by connecting to the local
socks proxy interface provided by your Tor instance. If the application
itself does not come with socks support, you can use a socks client
such as torsocks.
.
Note that Tor does no protocol cleaning on application traffic. There
is a danger that application protocols and associated programs can be
induced to reveal information about the user. Tor depends on Torbutton
and similar protocol cleaners to solve this problem. For best
protection when web surfing, the Tor Project recommends that you use
the Tor Browser Bundle, a standalone tarball that includes static
builds of Tor, Torbutton, and a modified Firefox that is patched to fix
a variety of privacy bugs.
- tor-dbgsym: debug symbols for tor
- tor-geoipdb: GeoIP database for Tor
This package provides a GeoIP database for Tor, i.e. it maps IPv4 addresses
to countries.
.
Bridge relays (special Tor relays that aren't listed in the main Tor
directory) use this information to report which countries they see
connections from. These statistics enable the Tor network operators to
learn when certain countries start blocking access to bridges.
.
Clients can also use this to learn what country each relay is in, so
Tor controllers like arm or Vidalia can use it, or if they want to
configure path selection preferences.
