tor 0.2.9.14-1ubuntu1~16.04.3 source package in Ubuntu

Changelog

tor (0.2.9.14-1ubuntu1~16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote crash attack against directory authorities.
    - debian/patches/CVE-2018-0490.patch: Correctly handle NULL returns
      from parse_protocol_list when voting.
    - CVE-2018-0490

 -- Eduardo Barretto <email address hidden>  Thu, 22 Nov 2018 13:37:42 -0200

Upload details

Uploaded by:
Eduardo dos Santos Barretto on 2018-11-22
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2018-11-22 universe net
Xenial security on 2018-11-22 universe net

Downloads

File Size SHA-256 Checksum
tor_0.2.9.14-1ubuntu1~16.04.3.tar.gz 5.4 MiB eda503d5ffee3e439b4d39e392c9fda734ac25e3407b70577145a12a887d8d0e
tor_0.2.9.14-1ubuntu1~16.04.3.dsc 2.0 KiB b80646cac9c14595e49eccda7a3b028c1ef95d9b0d4e215f898db6726d788a1d

View changes file

Binary packages built by this source

tor: anonymizing overlay network for TCP

 Tor is a connection-based low-latency anonymous communication system.
 .
 Clients choose a source-routed path through a set of relays, and
 negotiate a "virtual circuit" through the network, in which each relay
 knows its predecessor and successor, but no others. Traffic flowing
 down the circuit is decrypted at each relay, which reveals the
 downstream relay.
 .
 Basically, Tor provides a distributed network of relays. Users bounce
 their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
 recipients, observers, and even the relays themselves have difficulty
 learning which users connected to which destinations.
 .
 This package enables only a Tor client by default, but it can also be
 configured as a relay and/or a hidden service easily.
 .
 Client applications can use the Tor network by connecting to the local
 socks proxy interface provided by your Tor instance. If the application
 itself does not come with socks support, you can use a socks client
 such as torsocks.
 .
 Note that Tor does no protocol cleaning on application traffic. There
 is a danger that application protocols and associated programs can be
 induced to reveal information about the user. Tor depends on Torbutton
 and similar protocol cleaners to solve this problem. For best
 protection when web surfing, the Tor Project recommends that you use
 the Tor Browser Bundle, a standalone tarball that includes static
 builds of Tor, Torbutton, and a modified Firefox that is patched to fix
 a variety of privacy bugs.

tor-dbg: debugging symbols for Tor

 This package provides the debugging symbols for Tor, The Onion Router.
 Those symbols allow your debugger to assign names to your backtraces, which
 makes it somewhat easier to interpret core dumps.

tor-dbgsym: debug symbols for package tor

 Tor is a connection-based low-latency anonymous communication system.
 .
 Clients choose a source-routed path through a set of relays, and
 negotiate a "virtual circuit" through the network, in which each relay
 knows its predecessor and successor, but no others. Traffic flowing
 down the circuit is decrypted at each relay, which reveals the
 downstream relay.
 .
 Basically, Tor provides a distributed network of relays. Users bounce
 their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
 recipients, observers, and even the relays themselves have difficulty
 learning which users connected to which destinations.
 .
 This package enables only a Tor client by default, but it can also be
 configured as a relay and/or a hidden service easily.
 .
 Client applications can use the Tor network by connecting to the local
 socks proxy interface provided by your Tor instance. If the application
 itself does not come with socks support, you can use a socks client
 such as torsocks.
 .
 Note that Tor does no protocol cleaning on application traffic. There
 is a danger that application protocols and associated programs can be
 induced to reveal information about the user. Tor depends on Torbutton
 and similar protocol cleaners to solve this problem. For best
 protection when web surfing, the Tor Project recommends that you use
 the Tor Browser Bundle, a standalone tarball that includes static
 builds of Tor, Torbutton, and a modified Firefox that is patched to fix
 a variety of privacy bugs.

tor-geoipdb: GeoIP database for Tor

 This package provides a GeoIP database for Tor, i.e. it maps IPv4 addresses
 to countries.
 .
 Bridge relays (special Tor relays that aren't listed in the main Tor
 directory) use this information to report which countries they see
 connections from. These statistics enable the Tor network operators to
 learn when certain countries start blocking access to bridges.
 .
 Clients can also use this to learn what country each relay is in, so
 Tor controllers like arm or Vidalia can use it, or if they want to
 configure path selection preferences.