Hi, Roger Dingledine wrote (16 Dec 2011 18:19:10 GMT) : > Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's > buffers code. Absolutely everybody should upgrade.
> the attacker would need to either open a SOCKS connection to > Tor's SocksPort (usually restricted to localhost), or target a Tor > instance configured to make its connections through a SOCKS proxy My understanding of the flaw makes me think users of Tails 0.9 are not at risk: an attacker who is able to connect to the Tor's SocksPort in Tails is likely to be in a position to run arbitrary code already; and Tails does not configure Tor to use another SOCKS proxy. Please correct me if needed. Cheers, -- intrigeri <[email protected]> | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | We're dreaming of something else. | Something more clandestine, something happier. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
