Tor 0.1.2.16 fixes a critical security vulnerability that allows a remote
attacker in certain situations to rewrite the user's torrc configuration file.
This can completely compromise anonymity of users in most configurations,
including those running the Vidalia bundles, TorK, etc. Or worse.
Users who do not have ControlPort enabled are secure; if you are not sure, you
should upgrade and you should probably overwrite your torrc file with the
default when you upgrade.
Major security fixes:
- Close immediately after missing authentication on control port; do not
allow multiple authentication attempts.
Tools and Utilities
Product page: here