FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tor -- security regression

Affected packages
tor < 0.3.0.9
tor-devel < 0.3.1.4.a

Details

VuXML ID 0b9f4b5e-5d82-11e7-85df-14dae9d5a9d2
Discovery 2017-06-29
Entry 2017-06-30

The Tor Project reports:

Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha.

References

CVE Name CVE-2017-0377
URL https://blog.torproject.org/blog/tor-0309-released-security-update-clients
URL https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
URL https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html