WoofyDugfock
Group: Members
Posts: 146
Joined: Sep. 2004 |
 |
Posted: Aug. 23 2005,11:15 |
 |
Blurg, which version of Tor did you use to build your dsl?
It's just that versions prior to 0.1.0.10 apparently had a potentially serious security bug. See below (which was reposted on alt.privacy).
(Just in case you weren't aware of it. :=) )
------------------------------------------------------
Date: Thu, 16 Jun 2005 18:15:33 -0400
From: Roger Dingledine <x...@mit.edu>
To: xxxxxxxxx...@freehaven.net
Subject: Security bug in 0.0.9.x Tor servers
Message-ID: <20050616221533.GN29034@localhost.localdomain>
Hi folks,
The Tor 0.1.0.10 release from a few days ago includes a fix for a bug
that might allow an attacker to read arbitrary memory (maybe even keys)
from an exit server's process space. We haven't heard any reports of
exploits yet, but hey.
So, I recommend that you all upgrade to 0.1.0.10.
If you absolutely cannot upgrade yet (for example if you're the Debian Tor
packager and your distribution is too stubborn to upgrade past libevent
1.0b, which has known crash bugs), I've included a patched tarball for
the old 0.0.9 series at:
http://tor.eff.org/dist/tor-0. 0.9.10.tar.gz
http://tor.eff.org/dist/tor-0. 0.9.10.tar.gz.asc
- --Roger
///
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQr6/zAEP2l8iXKAJAQIM/AMghmXWL8+OASDTUFp/S2bIe6wIaG5kIpdz
UUZOdycamtWYoSX1c255tlC6DQE4Ir+Dxi36Cp2b6GnRH2aj/R1AOzQkTrtqbGVH
AIPUHf/TW4wbijpCgSrbQmz8NvYJR+77L9fSlA==
=hOqw
-----END PGP SIGNATURE-----
--------------
"We don't need no stinkin' Windows"
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39149796,00.htm
|
.
DSL Market ,
Great VPS hosting provided by Tektonic
