A flaw in Tor leads to the disclosure of information and the loss of anonymity, integrity and confidentiality.
|Package||net-misc/tor on all architectures|
|Affected versions||< 0.1.0.14|
|Unaffected versions||>= 0.1.0.14|
Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.
The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes.
By setting up a malicious Tor server and enticing users to use this server as first hop, a remote attacker could read and modify all traffic of the user.
There is no known workaround at this time.
All Tor users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.1.0.14"
August 25, 2005
August 25, 2005: 01