security updates

The Tor Browser Bundles for Linux have all been updated to really include the latest Firefox, 10.0.2.

https://www.torproject.org/download

Tor Browser Bundle for Linux (2.2.35-7.2)

• Really update Firefox to 10.0.2
• Update libpng to 1.5.9

Please note that this time around, I made and signed the bundles as Erinn is travelling. I hope all the previous issues have been fixed, and would like to apologize for taking so long to get updated Linux bundles out. Please report any issues you find on our bugtracker.

You can find my gpg key's fingerprint on the signing keys page.

The Tor Browser Bundles have all been updated to the latest Firefox 10.0.2.

https://www.torproject.org/download

Tor Browser Bundle (2.2.35-7)

• Update Firefox to 10.0.2

Linux updates

• Update libpng to 1.5.8 (closes: #5144)

UPDATE: The wrong version of Firefox got into the OS X 64-bit and Windows bundles. These have now been updated properly and are online with version number 2.2.35-7.1.

A new Tor stable (0.2.1.29) (sig) and Tor alpha (0.2.2.21-alpha) (sig) have been released and all users are strongly encouraged to upgrade.

The following packages have been released:

• Windows expert packages (stable & alpha)
• Vidalia bundles (stable & alpha for Windows, and OS X ppc & x86)
• Tor Browser Bundles for Windows, Linux, and OS X (see below for other updates)
• RPM packages (stable & alpha)
• Debian and Ubuntu packages (stable & alpha)

You can download all of these from our download page or package repositories.

If you encounter any problems, please file a bug on our bug tracker.

Tor Browser Bundles

Windows Bundles
1.3.17: Released 2011-01-16

• Update Tor to 0.2.1.29

Linux Bundles
1.1.3: Released 2011-01-16

• Update Tor to 0.2.2.21-alpha
• Update NoScript to 2.0.9.3

OS X Bundles
1.0.10: Released 2011-01-16

• Update Tor to 0.2.2.21-alpha
• Update NoScript to 2.0.9.3

The Tor Browser Bundles have all been updated with some important security fixes and it is advised that all users upgrade. Geolocation has been disabled and some prefs added as a workaround for bug 2338. A full list of changes is in the diff.

Linux bundles

1.1.2: Released 2011-01-09

• Update Firefox preferences to be more secure and disable geolocation to address #2338

OS X bundle
1.0.9: Released 2011-01-09

• Update Firefox preferences to be more secure and disable geolocation to address #2338

Windows bundles
1.3.16: Released 2011-01-09 read more »

You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
https://www.torproject.org/easy-download.html.en

In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with
metrics.torproject.org, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.

We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.

Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way. read more »