14 DAY TRIAL // Tor Project informed the Tor (The Onion Router) community about the immediate availability of the Tor 0.2.8.9 stable update, which adds a few important security fixes to keep your Tor installation reliable at all times.
Tor 0.2.8.9 is here three weeks after the release of TOR 0.2.8.8 in an attempt to backport a fix for a security flaw discovered in previous versions of the software, which could have allowed a remote attacker to crash the Tor client, authority, relay, and hidden service. It appears to be an important security fix, so you're urged to update your Tor installation to version 0.2.8.9 as we speak. Patches will be available soon for older versions of Tor as well.
"Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur," reads the announcement.
Tor 0.2.9.4 Alpha now available for public testing
Apart from patching the security hole mentioned above, the Tor 0.2.8.9 maintenance release updates the GeoIP and GeoIP6 databases to the October 4, 2016, Maxmind GeoLite2 Country database. In related news, Tor Project released the Tor 0.2.9.4 Alpha pre-release to early adopters and those willing to help the development team polish the final release of the upcoming Tor 0.2.9.x series. Both Tor 0.2.8.9 and Tor 0.2.9.4 Alpha are now available for download via our website.
Tor 0.2.9.4 Alpha contains a bunch of improvements, so we recommend reading the in-depth blog announcement if you're curious to know what exactly has been changed. Also, if you're installing this version, please try to keep in mind that it's not stable enough to be used in production environments, as it might contain unknown issues that need to be fixed before the final release hits the streets, which should happen before the end of the year if we're lucky.