[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor 0.0.8.1 is out
- To: firstname.lastname@example.org
- Subject: Re: Tor 0.0.8.1 is out
- From: Roger Dingledine <email@example.com>
- Date: Fri, 15 Oct 2004 19:45:14 -0400
- Cc: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Fri, 15 Oct 2004 19:46:04 -0400
- In-reply-to: <20041014063435.S2567@moria.mit.edu>; from arma@MIT.EDU on Thu, Oct 14, 2004 at 06:34:35AM -0400
- References: <20041014063435.S2567@moria.mit.edu>
- Reply-to: firstname.lastname@example.org
- Sender: email@example.com
- User-agent: Mutt/22.214.171.124i
On Thu, Oct 14, 2004 at 06:34:35AM -0400, Roger Dingledine wrote:
> Thanks to auditing work from Ilja van Sprundel, we've fixed a remote
> crash bug. We also took this opportunity to back-port (from 0.0.9pre)
> several other fixes to improve stability.
I talked to Ilja and Ben Laurie more about this, and we've decided that
this remote overflow could be exploited by a sufficiently clever attacker.
So I recommend that everybody upgrade right now, to 0.0.8.1 if you want
a stable version, or 0.0.9pre3 if you don't mind paying more attention
and following the development upgrade cycle.
I'll be sending out mail to servers that are vulnerable, and then taking
them down remotely.