Tor 0.1.2.16 fixes a critical security vulnerability that allows a remote attacker in certain situations to rewrite the user's torrc configuration file. This can completely compromise anonymity of users in most configurations, including those running the Vidalia bundles, TorK, etc. Or worse. Users who do not have ControlPort enabled are secure; if you are not sure, you should upgrade and you should probably overwrite your torrc file with the default when you upgrade. More details will be posted over the next few days. https://tor.eff.org/download.html We have Vidalia bundles for OS X Tiger on the website now. The recommended workaround for Windows users is either to wait until we have a Vidalia bundle ready, or do separate installs of the Win32 "expert" package from https://tor.eff.org/download-windows and the Windows Vidalia-only package from http://vidalia-project.net/download.php Changes in version 0.1.2.16 - 2007-08-01 o Major security fixes: - Close immediately after missing authentication on control port; do not allow multiple authentication attempts.
Description: Digital signature