New version of Tor fixes two security issues
The developers of the Tor project have released version 0.2.0.35 of their anonymity software, fixing two security problems as well as other issues. According to a report, a compromised exit node could convince a client that the client's DNS request resolved to an internal IP address within the local network. This vulnerability has also been fixed in the release candidate of Tor version 0.2.1.16. The developers haven't provided any further details about this hole and its effects. Attackers could also cause Tor to crash by sending specially crafted router descriptors.
In addition, Tor nodes with dynamic IP addresses reportedly no longer disappear from the Tor network when an address is changed. This problem was caused by local copies of certain folders still containing the old address. The software reportedly also no longer stumbles over specific sequences of network time outs and DNS errors.
The Tor packages are available to download as installers for Windows and Mac. Ready-made RPMs are available for Suse Linux and Red Hat.