funsec mailing list archives
Fwd: Tor 0.2.1.28 is released (security patches)
From: Paul Ferguson <fergdawgster () gmail com>
Date: Mon, 20 Dec 2010 11:15:54 -0800
FYI, - ferg ---------- Forwarded message ---------- From: Roger Dingledine <arma () mit edu> Date: Mon, Dec 20, 2010 at 5:58 AM Subject: Tor 0.2.1.28 is released (security patches) To: or-announce () torproject org Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely exploitable bugs. Thanks to Willem Pinckaers for notifying us of the issue. The Common Vulnerabilities and Exposures project has assigned CVE-2010-1676 to this issue. We also took this opportunity to change the IP address for one of our directory authorities, and to update the geoip database we ship. All Tor users should upgrade. https://www.torproject.org/download/download Changes in version 0.2.1.28 - 2010-12-17 o Major bugfixes: - Fix a remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade. Bugfix on the 0.1.1 series and later. o Directory authority changes: - Change IP address and ports for gabelmoo (v3 directory authority). o Minor features: - Update to the December 1 2010 Maxmind GeoLite Country database. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo () seul org with "unsubscribe or-announce" as your message. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFND2EG61qJaiiYi/URAmcJAKCw1wX8KEnpFQ9LMR4SNJ9fJnBfDwCbB0M3 y5yjfNEqGYna+2DZ1f5JM5E= =isix -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Attachment:
signature.asc
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Fwd: Tor 0.2.1.28 is released (security patches) Paul Ferguson (Dec 20)