On 2011-12-16, intrigeri <intrig...@boum.org> wrote: > Hi, > > Roger Dingledine wrote (16 Dec 2011 18:19:10 GMT) : >> Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's >> buffers code. Absolutely everybody should upgrade. > >> the attacker would need to either open a SOCKS connection to >> Tor's SocksPort (usually restricted to localhost), or target a Tor >> instance configured to make its connections through a SOCKS proxy > > My understanding of the flaw makes me think users of Tails 0.9 are not > at risk: an attacker who is able to connect to the Tor's SocksPort in > Tails is likely to be in a position to run arbitrary code already; and > Tails does not configure Tor to use another SOCKS proxy. > > Please correct me if needed.
Your understanding is correct. Robert Ransom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk