Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-09 Thread nb.linux
t...@t-3.net: > Redhat's emailed warning to update OpenSSL went out yesterday as > "Security Advisory - RHSA-2014:0376-1". CentOS' updated OpenSSL > was available right away as well, and the CentOS 6.5 boxes pulled it > right down > in an update. just FYI: https://listserv.fnal.gov/scripts/wa.exe?

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-09 Thread tor
On 04/09/2014 04:39 AM, Roger Dingledine wrote:> On Tue, Apr 08, 2014 at 07:31:43PM -0600, Jesse Victors wrote: >> I'd recommend that every relay operator delete their keys as well, > > Not every. Those on OpenSSL 0.9.8, e.g. because they're using Debian > oldstable, were never vulnerable to t

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Jesus Cea
On 08/04/14 17:01, Moritz Bartl wrote: > On 04/08/2014 04:58 PM, ecart...@riseup.net wrote: >> Greetings all. I followed the above instructions on my relay. Upon >> restarting Tor I have lost all of my flags and I have a new fingerprint. >> Previously I had the Fast, Guard, Named, Running, Stable

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Roger Dingledine
On Tue, Apr 08, 2014 at 07:31:43PM -0600, Jesse Victors wrote: > I'd recommend that every relay operator delete their keys as well, Not every. Those on OpenSSL 0.9.8, e.g. because they're using Debian oldstable, were never vulnerable to this bug. I imagine there are some FreeBSD or the like people

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Jesse Victors
I've updated OpenSSL, deleted the keys on my exit per the recommendations, and restarted the whole box. I got a new fingerprint. I'll watch to see how long the flags take to come back, but I predict it will be like a new relay. I wonder how this cha

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread grarpamp
On Tue, Apr 8, 2014 at 4:04 PM, Roger Dingledine wrote: > Actually, I'd like us to take this opportunity to throw out the Named > and Unnamed flags entirely. > I think we've done pretty well at teaching > users to use $fingerprints rather than nicknames in the few cases where > they actually want

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread grarpamp
On Tue, Apr 8, 2014 at 4:34 PM, Roger Dingledine wrote: > On Tue, Apr 08, 2014 at 04:35:39PM +0100, mick wrote: >> Moritz Bartl allegedly wrote: >> > Yes. You made it generate new keys, so it is a "new relay" as far as >> > Tor is concerned. This is why not everybody should generate new keys >> >

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Roger Dingledine
On Tue, Apr 08, 2014 at 04:35:39PM +0100, mick wrote: > Moritz Bartl allegedly wrote: > > Yes. You made it generate new keys, so it is a "new relay" as far as > > Tor is concerned. This is why not everybody should generate new keys > > immediately, especially larger relays. But don't worry too muc

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Elrippo
Hi community :( It seems that we are seriously f# since 14 MAR 2012 with the release of the openssl 1.0.1 branch until yesterday!!! Affected services which used these libraries are enormous. ftps, https, imaps, smtp over ssl, xmpp, and so on

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Roger Dingledine
On Tue, Apr 08, 2014 at 07:00:53PM +0200, Andreas Krey wrote: > On Tue, 08 Apr 2014 17:01:18 +, Moritz Bartl wrote: > ... > > immediately, especially larger relays. But don't worry too much, you'll > > get your flags back eventually. :) > > But my name only very eventually? Correct. Actually

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Chris Whittleston
Yup - looks like I just missed it before, updated - now to clear keys and reboot. Thanks, Chris On 8 April 2014 20:48, Alexander Dietrich wrote: > I just got 1.0.1e-2+rvt+deb7u5, try again? > > Best regards, > > Alexander > > --- > PGP Key: 0xC55A356B | https://dietrich.cx/pgp > > On 2014-0

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Alexander Dietrich
I just got 1.0.1e-2+rvt+deb7u5, try again? Best regards, Alexander --- PGP Key: 0xC55A356B | https://dietrich.cx/pgp On 2014-04-08 21:27, Chris Whittleston wrote: > I run a relay on a Raspberry Pi and have just gone through and updated > (apt-get update, apt-get upgrade) but it seems

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Chris Whittleston
I run a relay on a Raspberry Pi and have just gone through and updated (apt-get update, apt-get upgrade) but it seems like the latest version available is still compromised? openssl (1.0.1e-2+rvt+deb7u4) If so - recommendations as to where I might be able to find an updated version for the pi wo

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread David Serrano
On 2014-04-08 09:20:28 (-0700), ecart...@riseup.net wrote: > > Update: I now have Running, Unnamed, V2Dir and Valid flags after 90 > minutes of uptime. So I guess all is well. So do I. I guess Named will be the toughest of them all :). -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread elrippo
Indeed, you should check your /var/lib/tor/keys directory to be empty before restarting your service again. ATTENTION!!! On a Debian box, I got the "warning" to restart the openssh and openvpn server, to be sure that these services use the new libssl binaries. It is recommended to not only resta

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread mick
On Tue, 08 Apr 2014 19:04:08 +0200 Lukas Erlacher allegedly wrote: > On Debian or Ubuntu: > > service tor stop && rm /var/lib/tor/keys/* && apt-get update && > apt-get -y upgrade > You might want to restart tor after that. -

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Andreas Krey
On Tue, 08 Apr 2014 17:01:18 +, Moritz Bartl wrote: ... > immediately, especially larger relays. But don't worry too much, you'll > get your flags back eventually. :) But my name only very eventually? Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds Date: Fri, 22 Jan 2

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Lukas Erlacher
> From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf > Of mick > Sent: Tuesday, April 8, 2014 11:36 AM > To: tor-relays@lists.torproject.org > Subject: Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade > > On Tue, 08 Apr 2014 17:01:18

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread ecarter9
Update: I now have Running, Unnamed, V2Dir and Valid flags after 90 minutes of uptime. So I guess all is well. Disregard my second question I see you already addressed it, thanks. > Thanks Moritz. But shouldn't I at least be Fast Running Valid? I thought > that when I first set up the relay I

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread ecarter9
Thanks Moritz. But shouldn't I at least be Fast Running Valid? I thought that when I first set up the relay I received those flags almost immediately, but I've been running for over an hour and I still have no flags at all. Also, if all relays lose their flags won't we be left with an inoperable

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Dennis Crawford
Where are the instructions for this? Thanks! Dennis -Original Message- From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of mick Sent: Tuesday, April 8, 2014 11:36 AM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Relays vulnerable to OpenSSL bug

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Zack Weinberg
On Tue, Apr 8, 2014 at 11:01 AM, Moritz Bartl wrote: > On 04/08/2014 04:58 PM, ecart...@riseup.net wrote: >> Greetings all. I followed the above instructions on my relay. Upon >> restarting Tor I have lost all of my flags and I have a new fingerprint. >> Previously I had the Fast, Guard, Named, R

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread mick
On Tue, 08 Apr 2014 17:01:18 +0200 Moritz Bartl allegedly wrote: > On 04/08/2014 04:58 PM, ecart...@riseup.net wrote: > > Greetings all. I followed the above instructions on my relay. Upon > > restarting Tor I have lost all of my flags and I have a new > > fingerprint. Previously I had the Fast,

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread ecarter9
> best practice would be to update > your OpenSSL package, discard all the files in keys/ in your > DataDirectory, and restart your Tor to generate new keys. Greetings all. I followed the above instructions on my relay. Upon restarting Tor I have lost all of my flags and I have a new fingerprint

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread Moritz Bartl
On 04/08/2014 04:58 PM, ecart...@riseup.net wrote: > Greetings all. I followed the above instructions on my relay. Upon > restarting Tor I have lost all of my flags and I have a new fingerprint. > Previously I had the Fast, Guard, Named, Running, Stable, and Valid flags. > Is this expected? Did

[tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-07 Thread Moritz Bartl
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal memory to a connected client or server. If you're using an older OpenSSL version, you're safe. Note that this bug affects way more programs tha