Tor 0.2.1.28 is released (security patches)
Roger Dingledine
arma at mit.edu
Mon Dec 20 13:58:30 UTC 2010
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. Thanks to Willem Pinckaers for notifying us of the
issue. The Common Vulnerabilities and Exposures project has assigned
CVE-2010-1676 to this issue.
We also took this opportunity to change the IP address for one of our
directory authorities, and to update the geoip database we ship.
All Tor users should upgrade.
https://www.torproject.org/download/download
Changes in version 0.2.1.28 - 2010-12-17
o Major bugfixes:
- Fix a remotely exploitable bug that could be used to crash instances
of Tor remotely by overflowing on the heap. Remote-code execution
hasn't been confirmed, but can't be ruled out. Everyone should
upgrade. Bugfix on the 0.1.1 series and later.
o Directory authority changes:
- Change IP address and ports for gabelmoo (v3 directory authority).
o Minor features:
- Update to the December 1 2010 Maxmind GeoLite Country database.
------------------------------------------------------------------------
This is the Tor announcements list. If you want to unsubscribe, send
mail to majordomo at seul.org with "unsubscribe or-announce" as your message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20101220/16a5a068/attachment.pgp>
More information about the tor-announce
mailing list