Tor 0.0.8.1 is out
arma at mit.edu
Fri Oct 15 23:45:14 UTC 2004
On Thu, Oct 14, 2004 at 06:34:35AM -0400, Roger Dingledine wrote:
> Thanks to auditing work from Ilja van Sprundel, we've fixed a remote
> crash bug. We also took this opportunity to back-port (from 0.0.9pre)
> several other fixes to improve stability.
I talked to Ilja and Ben Laurie more about this, and we've decided that
this remote overflow could be exploited by a sufficiently clever attacker.
So I recommend that everybody upgrade right now, to 0.0.8.1 if you want
a stable version, or 0.0.9pre3 if you don't mind paying more attention
and following the development upgrade cycle.
I'll be sending out mail to servers that are vulnerable, and then taking
them down remotely.
More information about the tor-dev