[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Security bug in 0.0.9.x Tor servers

To: or-announce@xxxxxxxxxxxxx
Subject: Security bug in 0.0.9.x Tor servers
From: Roger Dingledine <arma@xxxxxxx>
Date: Thu, 16 Jun 2005 18:15:33 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-announce-outgoing@seul.org
Delivered-to: or-announce@seul.org
Delivery-date: Thu, 16 Jun 2005 18:15:45 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-announce@xxxxxxxxxxxxx
User-agent: Mutt/1.5.9i

Hi folks,

The Tor 0.1.0.10 release from a few days ago includes a fix for a bug
that might allow an attacker to read arbitrary memory (maybe even keys)
from an exit server's process space. We haven't heard any reports of
exploits yet, but hey.

So, I recommend that you all upgrade to 0.1.0.10. :)

If you absolutely cannot upgrade yet (for example if you're the Debian Tor
packager and your distribution is too stubborn to upgrade past libevent
1.0b, which has known crash bugs), I've included a patched tarball for
the old 0.0.9 series at:
http://tor.eff.org/dist/tor-0.0.9.10.tar.gz
http://tor.eff.org/dist/tor-0.0.9.10.tar.gz.asc

--Roger

Prev by Author: Tor 0.1.0.10 is released
Previous by thread: Tor 0.1.0.10 is released
Index(es):
- Author
- Thread