Tor project releases update to close critical hole

    Date17 Jan 2011
    Posted ByAlex
    The developers of the Tor (The Onion Routing project) anonymisation solution has released version to close a hole that can be remotely exploited. According to the developers, the problem is caused by a heap overflow. Version, which was released in late December, had already fixed another heap overflow in Tor. This flaw could be exploited to remotely crash Tor and the developers didn't rule out that it could also have been exploited to inject and execute arbitrary code. In addition, the new version fixes a potential Denial of Service (DoS) vulnerability in connection with the zlib compression library. Furthermore, keys that are no longer in use will be overwritten with zeros before their memory areas are made available. This is to prevent attackers who have escalated their privileges from accessing the keys. The flaws were also fixed in the unstable version The developers also corrected numerous further issues that previously impacted program stability.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.