CVE-2011-2768

Publication date 23 December 2011

Last updated 24 July 2024


Ubuntu priority

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.

Status

Package Ubuntu Release Status
tor 13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Ignored end of life