Security Information / 2020 / Security Information -- DSA-4644-1 tor

Debian Security Advisory

DSA-4644-1 tor -- security update

Date Reported:

20 Mar 2020

Affected Packages:

tor

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2020-10592.

More information:

A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system.

For the stable distribution (buster), this problem has been fixed in version 0.3.5.10-1.

For the oldstable distribution (stretch), support for tor is now discontinued. Please upgrade to the stable release (buster) to continue receiving tor updates.

We recommend that you upgrade your tor packages.

For the detailed security status of tor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tor