Debian Security Advisory
DSA-4644-1 tor -- security update
- Date Reported:
- 20 Mar 2020
- Affected Packages:
- tor
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-10592.
- More information:
-
A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system.
For the stable distribution (buster), this problem has been fixed in version 0.3.5.10-1.
For the oldstable distribution (stretch), support for tor is now discontinued. Please upgrade to the stable release (buster) to continue receiving tor updates.
We recommend that you upgrade your tor packages.
For the detailed security status of tor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tor