[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] [tor-announce] Tor 0.2.2.35 is released (security patches)
On 2011-12-16, intrigeri <intrigeri@xxxxxxxx> wrote:
> Hi,
>
> Roger Dingledine wrote (16 Dec 2011 18:19:10 GMT) :
>> Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
>> buffers code. Absolutely everybody should upgrade.
>
>> the attacker would need to either open a SOCKS connection to
>> Tor's SocksPort (usually restricted to localhost), or target a Tor
>> instance configured to make its connections through a SOCKS proxy
>
> My understanding of the flaw makes me think users of Tails 0.9 are not
> at risk: an attacker who is able to connect to the Tor's SocksPort in
> Tails is likely to be in a position to run arbitrary code already; and
> Tails does not configure Tor to use another SOCKS proxy.
>
> Please correct me if needed.
Your understanding is correct.
Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk