Dear WWW Team, Another round of updates: tor ===
Tor is not in stable, but affected in Lenny. Clients running 0.1.2.x are not affected. Tor nodes or hidden service providers running any version, as well as everyone on 0.2.0.x are affected. Please see the vulnerability announcement on the Tor announce mailing list[0]. Upgrading to 0.1.2.19-3 (available in testing, unstable, backports.org, and the usual noreply.org repository[1]) or 0.2.0.26-rc-1 (available in experimental and the usual noreply.org repository[1]) is recommended. If you run a relay these versions will force new server keys (/var/lib/tor/keys/secret_*) being generated. Should you run a Tor node without using the package's infrastructure (debian-tor user, /var/lib/tor as DataDirectory etc.) you manually need to remove bad keys. See the advisory link posted above. If you are hidden service provider, and have created your key in the affected timeframe with a bad libssl then please delete your hidden service's private key. This will change your hidden service's host name and may require reconfiguring your servers. If you are running 0.2.0.x, an upgrade is highly recommended -- 3 of the 6 v3 authority servers have compromised keys. Old 0.2.0.x versions will stop working in a week or two. 0. http://archives.seul.org/or/announce/May-2008/msg00000.html 1. https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
