funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Fwd: Tor 0.2.1.28 is released (security patches)

From: Paul Ferguson <fergdawgster () gmail com>
Date: Mon, 20 Dec 2010 11:15:54 -0800
FYI,

- ferg



---------- Forwarded message ----------
From: Roger Dingledine <arma () mit edu>
Date: Mon, Dec 20, 2010 at 5:58 AM
Subject: Tor 0.2.1.28 is released (security patches)
To: or-announce () torproject org


Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. Thanks to Willem Pinckaers for notifying us of the
issue. The Common Vulnerabilities and Exposures project has assigned
CVE-2010-1676 to this issue.

We also took this opportunity to change the IP address for one of our
directory authorities, and to update the geoip database we ship.

All Tor users should upgrade.

https://www.torproject.org/download/download

Changes in version 0.2.1.28 - 2010-12-17
 o Major bugfixes:
   - Fix a remotely exploitable bug that could be used to crash instances
     of Tor remotely by overflowing on the heap. Remote-code execution
     hasn't been confirmed, but can't be ruled out. Everyone should
     upgrade. Bugfix on the 0.1.1 series and later.

 o Directory authority changes:
   - Change IP address and ports for gabelmoo (v3 directory authority).

 o Minor features:
   - Update to the December 1 2010 Maxmind GeoLite Country database.

------------------------------------------------------------------------

This is the Tor announcements list. If you want to unsubscribe, send
mail to majordomo () seul org with "unsubscribe or-announce" as your message.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFND2EG61qJaiiYi/URAmcJAKCw1wX8KEnpFQ9LMR4SNJ9fJnBfDwCbB0M3
y5yjfNEqGYna+2DZ1f5JM5E=
=isix
-----END PGP SIGNATURE-----




-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

Attachment: signature.asc
Description: 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: