
Tor is released (security fixes)

Tor features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit).

This release marks end-of-life for Tor 0.1.2.x. Those Tor versions have
many known flaws, and nobody should be using them. You should upgrade. If
you're using a Linux or BSD and its packages are obsolete, stop using
those packages and upgrade anyway.


Changes in version - 2009-02-08
  o Security fixes:
    - Fix an infinite-loop bug on handling corrupt votes under certain
      circumstances. Bugfix on
    - Fix a temporary DoS vulnerability that could be performed by
      a directory mirror. Bugfix on; reported by lark.
    - Avoid a potential crash on exit nodes when processing malformed
      input. Remote DoS opportunity. Bugfix on
    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
      Spec conformance issue. Bugfix on Tor 0.0.2pre27.

  o Minor bugfixes:
    - Fix compilation on systems where time_t is a 64-bit integer.
      Patch from Matthias Drochner.
    - Don't consider expiring already-closed client connections. Fixes
      bug 893. Bugfix on 0.0.2pre20.
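
The incomplete-address item above (192.168.0 accepted as valid), shown as an added example that is not Tor's code or its actual patch: a strict dotted-quad check that requires exactly four decimal octets and nothing after them, unlike lenient parsers such as the BSD inet_aton(), which accept shorthand forms. The name parse_ipv4_strict is hypothetical, and allowing leading zeros within an octet is a choice made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not Tor's code): strict dotted-quad IPv4 parser.
 * Returns 0 and stores the host-order address in *out, or -1 if malformed. */
static int parse_ipv4_strict(const char *s, uint32_t *out)
{
    uint32_t addr = 0;

    if (s == NULL || out == NULL)
        return -1;
    for (int octet = 0; octet < 4; octet++) {
        unsigned value = 0;
        int digits = 0;

        /* One to three decimal digits; no sign, whitespace or hex prefix. */
        while (*s >= '0' && *s <= '9') {
            if (++digits > 3)
                return -1;
            value = value * 10 + (unsigned)(*s - '0');
            s++;
        }
        if (digits == 0 || value > 255)
            return -1;
        addr = (addr << 8) | value;

        /* A dot must follow each of the first three octets; the string
         * must end immediately after the fourth. */
        if (octet < 3 ? *s++ != '.' : *s != '\0')
            return -1;
    }
    *out = addr;
    return 0;
}

int main(void)
{
    /* Constructed inputs; "192.168.0" is the changelog's own example. */
    const char *samples[] = { "192.168.0.1", "192.168.0", "192.168.0.",
                              "192.168.0.256", "1.2.3.4.5" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t a;
        int rc = parse_ipv4_strict(samples[i], &a);
        printf("%-14s %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```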
