Thanks very much, Nusenu - I was sometimes copying a bad configuration file from one to another FreeBSD relays; Tor versions are all good now. I won't worry why one of my relays with the EPEL 8 repo got me 0.4.6.7 while the other two are at 0.4.5.10 since 5.10 is good enough.
--Torix ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, September 22nd, 2021 at 8:31 AM, nusenu <nusenu-li...@riseup.net> wrote: > > I can see in OrNetStats that I have several relays marked as having a > > > > vulnerable Tor version. > > correct, some of your relays run versions before the latest stable security > releases > > and are vulnerable to CVE-2021-38385 (DoS) > > https://blog.torproject.org/node/2062 > > https://nusenu.github.io/OrNetStats/w/family/623817eefa493851b18bc3c525939dba852f574399182b1d5a8b8a80b64c380b.html > > > But when I checked and tried to update them, > > > > I was told that everything was up to date. In 2 cases relays rented > > > > at the same time on the same host have different versions. AlexHost > > > > running FreeBSD release 12.1 and 12.2 respectively: 0.4.6.7 and > > > > 0.4.5.8 > > FreeBSD ships tor version 0.4.6.7 - which is fine. > > https://www.freshports.org/security/tor/ > > If you do not get that version via pkg > > make sure you use the latest (not quarterly) repo to get the latest updates > sooner. > > > CoolComputers both running Centos8.4.2105: 0.4.6.6 and > > > > 0.4.5.10 > > EPEL 8 has tor version 0.4.5.10 which is also fine. > > https://bodhi.fedoraproject.org/updates/?packages=tor > > kind regards, > > nusenu > > ------------------------------------------------------------------------------------------------------------------------------------ > > https://nusenu.github.io > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays