Tor 0.1.2.16 fixes a critical security vulnerability that allows a remote attacker in certain situations to rewrite the user's torrc configuration file. This can completely compromise anonymity of users in most configurations, including those running the Vidalia bundles, TorK, etc. Or worse.

Users who do not have ControlPort enabled are secure; if you are not sure, you should upgrade and you should probably overwrite your torrc file with the default when you upgrade. More details will be posted over the next few days.

https://tor.eff.org/download.html

We have Vidalia bundles for OS X Tiger on the website now. The recommended workaround for Windows users is either to wait until we have a Vidalia bundle ready, or do separate installs of the Win32 "expert" package from https://tor.eff.org/download-windows and the Windows Vidalia-only package from http://vidalia-project.net/download.php

Changes in version 0.1.2.16 - 2007-08-01
  o Major security fixes:
    - Close immediately after missing authentication on control port; do not allow multiple authentication attempts.
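For readers who are not sure whether ControlPort is enabled, the following is an added example (not part of the original announcement and not Tor project code) that reads a torrc and reports whether the control port is on and which authentication options are set. It assumes the torrc option names ControlPort, CookieAuthentication and HashedControlPassword, treats `#` as starting a comment, and uses constructed sample configs.

```python
"""Audit a torrc for the ControlPort setting discussed in the announcement."""
import sys

# Constructed sample configs for illustration (not taken from the announcement).
SAMPLE_DISABLED = "SocksPort 9050\n#ControlPort 9051\ncontrolport 0\n"
SAMPLE_NO_AUTH = "SocksPort 9050\nControlPort 9051  # used by a controller\n"
SAMPLE_COOKIE = "ControlPort 9051\nCookieAuthentication 1\n"


def parse_torrc(text):
    """Map lowercased option names to the list of values given for them."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts


def audit_control_port(text):
    """Return (enabled, auth_methods) for one torrc's contents."""
    opts = parse_torrc(text)
    # Conservative: any ControlPort value other than 0 counts as enabled.
    enabled = any(v not in ("", "0") for v in opts.get("controlport", []))
    auth = []
    if opts.get("cookieauthentication", ["0"])[-1] == "1":
        auth.append("cookie")
    if any(opts.get("hashedcontrolpassword", [])):
        auth.append("password")
    return enabled, auth


def report(text):
    """Summarise the audit; an enabled port means upgrade, whatever the auth."""
    enabled, auth = audit_control_port(text)
    if not enabled:
        return "ControlPort disabled: not exposed per the announcement"
    how = ", ".join(auth) if auth else "none"
    return "ControlPort ENABLED (auth: %s): upgrade to 0.1.2.16" % how


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise run the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            print(report(fh.read()))
    else:
        for sample in (SAMPLE_DISABLED, SAMPLE_NO_AUTH, SAMPLE_COOKIE):
            print(report(sample))
```

Run it with the path to your torrc as the only argument; with no argument it prints the result for the three constructed samples.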