New Tor Security Updates Patch DoS Bug That Let Attackers Crash Relays, Clients
Jan 26, 2017, 15:00 (0 Talkback[s])
(Other stories by Marius Nestor)
The most important bug fixed in the Tor 0.2.9.9 and Tor 0.3.0.2 Alpha versions is a denial-of-service (DoS) vulnerability that could allow an attacker to crash relays and clients, even if these weren't compiled with the "--enable-expensive-hardening" option. Tor 0.2.9.x and 0.3.0.1-alpha builds are affected by the issue. It is recommended to update to Tor 0.2.9.9, which is the current stable release of the software for enabling anonymous communication, as soon as possible. Also, if you're using the development branch, make sure that you're running at least version 0.3.0.2-alpha, which is now available for download, for testing purposes only.