Tor 0.2.0.34-stable released

by phobos | February 9, 2009

Tor 0.2.0.34 features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit).

This release marks end-of-life for Tor 0.1.2.x. Those Tor versions have
many known flaws, and nobody should be using them. You should upgrade. If
you're using a Linux or BSD and its packages are obsolete, stop using
those packages and upgrade anyway.

https://www.torproject.org/download.html

Changes in version 0.2.0.34 - 2009-02-08
Security fixes:

  • Fix an infinite-loop bug on handling corrupt votes under certain
          circumstances. Bugfix on 0.2.0.8-alpha.
  • Fix a temporary DoS vulnerability that could be performed by
          a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
  • Avoid a potential crash on exit nodes when processing malformed
          input. Remote DoS opportunity. Bugfix on 0.2.0.33.
  • Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
          Spec conformance issue. Bugfix on Tor 0.0.2pre27.

Minor bugfixes:

  • Fix compilation on systems where time_t is a 64-bit integer.
          Patch from Matthias Drochner.
  • Don't consider expiring already-closed client connections. Fixes
          bug 893. Bugfix on 0.0.2pre20.

The original announcement can be found at http://archives.seul.org/or/announce/Feb-2009/msg00000.html

Comments

Please note that the comment area below has been archived.

April 26, 2009

Permalink

"This release marks end-of-life for Tor 0.1.2.x."

If this is true why do you still allow nodes to run old versions?
version 0.2.1.19 that is known to have been used by nodes that spyed on traffic is still used by 6% of all nodes, even earlier versions are run by 7% of the nodes, when are you gonna stop the possibility to run a node on these old versions(theres really no good explanation why nodes like Kryten or TSL with 4800KB bandwidth still is running an old 0.1.2.19 version).