Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

On Wed, 26 Oct 2016, Zack Weinberg wrote: > On Wed, Oct 26, 2016 at 5:54 AM, Peter Palfrader > wrote: > > On Wed, 26 Oct 2016, Alan wrote: > >> 0.2.5.12 is the latest version from the repo. Im assuming I should pull > >> down the source and compile it. > > > > Depends on

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

On Wed, 26 Oct 2016, at 02:04 PM, Zack Weinberg wrote: > If you're using Debian jessie, you can get an 0.2.8.9 package from > either backports or the torproject.org repository. I went with > backports because that let me also pick up a much newer openssl. > > zw Zack, Interesting, I too

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

Thanks for the advice, I added torproject.org repo and it upgraded to 0.2.8.9 Alan > On Wed, Oct 26, 2016 at 5:54 AM, Peter Palfrader > wrote: >> On Wed, 26 Oct 2016, Alan wrote: >>> 0.2.5.12 is the latest version from the repo. Im assuming I should pull >>> down the

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

On Wed, 26 Oct 2016, Alan wrote: > 0.2.5.12 is the latest version from the repo. Im assuming I should pull > down the source and compile it. Depends on the repo. If you provided a little more information we'd be able to sy more. -- | .''`. ** Debian **

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

0.2.5.12 is the latest version from the repo. Im assuming I should pull down the source and compile it. >> Thanks for the update, my main relay was vulnerable but i've patched it now to 0.2.8.9. >> >> My Raspberry Pi is running 0.2.5.12 -- is that ok? > > If your version is from before

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

> Thanks for the update, my main relay was vulnerable but i've patched it > now to 0.2.8.9. > > My Raspberry Pi is running 0.2.5.12 -- is that ok? If your version is from before 2016-10-17, your relay is vulnerable. To be sure you should be running 0.2.8.9. signature.asc Description:

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

nusenu: > CentOS/RHEL/Fedora > === > > yum install --enablerepo=epel-testing tor correction: CentOS/RHEL yum upgrade --enablerepo=epel-testing tor fedora: dnf upgrade --enablerepo=updates-testing tor signature.asc Description: OpenPGP digital signature

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

Markus, I'm too damn old to type that accurately, My hands shake from old mechanical keyboards and my eyes are irradiated from old Wyse 50 terminals... > On Oct 26, 2016, at 02:31, Markus Koch wrote: > > I did it like a real man, just me hands and putty without any

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

Haha ok! Nice hard work so ;) Good luck for next update ! (hope it will be ok for a long time!) Le 26/10/2016 à 09:30, Markus Koch a écrit : > I did it like a real man, just me hands and putty without any bash scripts > and these modern devil tools! > > markus > > > Sent from my iPad > >> On

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

I did it like a real man, just me hands and putty without any bash scripts and these modern devil tools! markus Sent from my iPad > On 26 Oct 2016, at 09:18, John Ricketts wrote: > > I feel you Markus, I did 24. I wrote a bash script to update/upgrade/reboot. > >> On

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

I feel you Markus, I did 24. I wrote a bash script to update/upgrade/reboot. > On Oct 26, 2016, at 02:17, Markus Koch wrote: > > 32 relays updated (Debian + Tor compiled to latest version) > > I am getting too old for this without a server management system >

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

Handmade scripts to update everybody ? (a little curious ;) Markus Koch : > I am getting too old for this without a server management system -- Petrusko EBE23AE5 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

32 relays updated (Debian + Tor compiled to latest version) I am getting too old for this without a server management system Markus 2016-10-25 23:48 GMT+02:00 nusenu : > just a reminder since most of the tor network (including some of the > biggest operators)

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

Thanks for the update, my main relay was vulnerable but i've patched it now to 0.2.8.9. My Raspberry Pi is running 0.2.5.12 -- is that ok? > just a reminder since most of the tor network (including some of the biggest operators) still runs vulnerable relays > >

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

On Tue, Oct 25, 2016 at 09:48:00PM +, nusenu wrote: > It is not possible to reliable determine the exact CW fraction > affected[1] due to the fact that patches were released that didn't > increase tor's version number. In the case of OpenBSD, MTier published a binary package (patch) only

[tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

just a reminder since most of the tor network (including some of the biggest operators) still runs vulnerable relays https://blog.torproject.org/blog/tor-0289-released-important-fixes Since 2/3 directory authorities removed most vulnerable versions from their 'recommended versions' you should