CVE-2011-4894 in Ubuntu

CVE-2011-4894

Priority

Low

Description

Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort
access instead of a Tor TLS connection for a directory fetch, which makes
it easier for remote attackers to enumerate bridges by observing DirPort
connections.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4894
https://blog.torproject.org/blog/tor-02234-released-security-patches

Package

Source: tor (LP Ubuntu Debian)

Upstream:	not-affected (0.2.2.35-1)
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected (0.2.2.35-1)
Ubuntu 12.10 (Quantal Quetzal):	not-affected (0.2.2.35-1)
Ubuntu 13.04 (Raring Ringtail):	not-affected (0.2.2.35-1)
Ubuntu 13.10 (Saucy Salamander):	not-affected (0.2.2.35-1)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2013-05-09 15:18:03 UTC (commit 6824)