Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2768

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.

Related bugs and status

CVE-2011-2768 (Candidate) is related to these bugs:

Bug #697407: Please update Tor in older versions of Ubuntu

Summary				In	Importance	Status
	697407	Please update Tor in older versions of Ubuntu		tor (Ubuntu)	Undecided	Fix Released
	697407	Please update Tor in older versions of Ubuntu		tor (Ubuntu Hardy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://blog.torprojec...
DEBIAN: DSA-2331