Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Signaturen in torbrowser-launcher
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Signaturen in torbrowser-launcher
ID: FEDORA-2016-b98995ae24
Distribution: Fedora
Plattformen: Fedora 23
Datum: Fr, 25. März 2016, 16:23
Referenzen: Keine Angabe

Originalnachricht

Name        : torbrowser-launcher
Product : Fedora 23
Version : 0.2.4
Release : 1.fc23
URL : https://github.com/micahflee/torbrowser-launcher
Summary : Tor Browser Bundle managing tool
Description :
Tor Browser Launcher is intended to make Tor Browser easier to
install and use for GNU/Linux users. You install torbrowser-launcher
from your distribution's package manager and it handles everything else:

* Downloads and installs the most recent version of Tor Browser in your
language
and for your computer's architecture, or launches Tor Browser if it's
already
installed (Tor Browser will automatically update itself)
* Verifies Tor Browser's signature for you, to ensure the version you
downloaded
was cryptographically signed by Tor developers and was not tampered with
* Adds "Tor Browser" and "Tor Browser Launcher Settings"
application launcher
to your desktop environment's menu
* Optionally plays a modem sound when you open Tor Browser
(because Tor is so slow)

-------------------------------------------------------------------------------
-
Update Information:

Fix signature verification bypass attack, reported by Jann Horn
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1317324 - torbrowser-launcher-v0.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1317324
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update torbrowser-launcher' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung