Security critical Tor-0.2.0.26-rc released
Tor-0.2.0.26-rc replaces several V3 directory authority keys affected by a recent Debian OpenSSL bug.
This is a security-critical release.
Everybody running any version in the 0.2.0.x series should upgrade, whether
they are running Debian or not. Also, all servers running any version of Tor
whose keys were generated by Debian, Ubuntu, or any derived distribution may
have to replace their identity keys. See our security advisory for full details. As always, you can find Tor 0.2.0.26-rc on the downloads page.
Changes in version 0.2.0.26-rc - 2008-05-13
Major security fixes:
- Use new V3 directory authority keys on the tor26, gabelmoo, and moria1 V3 directory authorities. The old keys were generated with a vulnerable version of Debian's OpenSSL package, and must be considered compromised. Other authorities' keys were not generatedwith an affected version of OpenSSL.
Major bugfixes:
- List authority signatures as "unrecognized" based on DirServer lines, not on cert cache. Bugfix on 0.2.0.x.
Minor features:
- Add a new V3AuthUseLegacyKey option to make it easier for authorities to change their identity keys if they have to.
Comments
Please note that the comment area below has been archived.
authentification password required
Hello my name is gustavo,I have downloded de Tor software but I can't start using it because I dont have the athentification password required` pls if u can tell me what's the authentification poassword is about and how can I get it??
Thanks a lot ... Gustavo
Password Control
Hi!!! I am currently new to Tor. I had it working but Vidalia it is currently asking for a password.
Thanks;
Hello my name is hamidreza,I
Hello my name is hamidreza,I have downloded the Tor software but I can't use it because it has password required.
PLZ Send Me this Password to my mail (mirhosseini.hamid@hotmail.com)
Thanks and Regards
HamidReza