“Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.”
What is arbitrary code? and how can it effect the user?
Basically an attacker can run/do anything they want to a system that is running Tor. Basically can take control of your computer, by backdooring or other techniques. Suggestions would be not to use tor until it is patched.
What versions of tor is this effecting?
The latest version: 0.2.2.35
Gentoo Linux says there is no work around at this time, hopefully Tor will come out with a patch for this soon.
Other vulnribilites found in tor:
Multiple vulnerabilities have been discovered in Tor:
When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).
