[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor 0.2.3.6-alpha is out (security patches)



Tor 0.2.3.6-alpha includes the fix from 0.2.2.34 for a critical
anonymity vulnerability where an attacker can deanonymize Tor
users:
https://lists.torproject.org/pipermail/tor-announce/2011-October/000082.html

Everybody should upgrade.

This release also features support for a new v3 connection handshake
protocol, and fixes to make hidden service connections more robust.

https://www.torproject.org/download/download

Changes in version 0.2.3.6-alpha - 2011-10-26
  o Major features:
    - Implement a new handshake protocol (v3) for authenticating Tors to
      each other over TLS. It should be more resistant to fingerprinting
      than previous protocols, and should require less TLS hacking for
      future Tor implementations. Implements proposal 185.
    - Allow variable-length padding cells to disguise the length of
      Tor's TLS records. Implements part of proposal 184.

  o Privacy/anonymity fixes (clients):
    - Clients and bridges no longer send TLS certificate chains on
      outgoing OR connections. Previously, each client or bridge would
      use the same cert chain for all outgoing OR connections until
      its IP address changes, which allowed any relay that the client
      or bridge contacted to determine which entry guards it is using.
      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
    - If a relay receives a CREATE_FAST cell on a TLS connection, it
      no longer considers that connection as suitable for satisfying a
      circuit EXTEND request. Now relays can protect clients from the
      CVE-2011-2768 issue even if the clients haven't upgraded yet.
    - Directory authorities no longer assign the Guard flag to relays
      that haven't upgraded to the above "refuse EXTEND requests
      to client connections" fix. Now directory authorities can
      protect clients from the CVE-2011-2768 issue even if neither
      the clients nor the relays have upgraded yet. There's a new
      "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
      to let us transition smoothly, else tomorrow there would be no
      guard relays.

  o Major bugfixes (hidden services):
    - Improve hidden service robustness: when an attempt to connect to
      a hidden service ends, be willing to refetch its hidden service
      descriptors from each of the HSDir relays responsible for them
      immediately. Previously, we would not consider refetching the
      service's descriptors from each HSDir for 15 minutes after the last
      fetch, which was inconvenient if the hidden service was not running
      during the first attempt. Bugfix on 0.2.0.18-alpha; fixes bug 3335.
    - When one of a hidden service's introduction points appears to be
      unreachable, stop trying it. Previously, we would keep trying
      to build circuits to the introduction point until we lost the
      descriptor, usually because the user gave up and restarted Tor.
      Partly fixes bug 3825.
    - Don't launch a useless circuit after failing to use one of a
      hidden service's introduction points. Previously, we would
      launch a new introduction circuit, but not set the hidden service
      which that circuit was intended to connect to, so it would never
      actually be used. A different piece of code would then create a
      new introduction circuit correctly. Bug reported by katmagic and
      found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.

  o Major bugfixes (other):
    - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
      that they initiated. Relays could distinguish incoming bridge
      connections from client connections, creating another avenue for
      enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
      Found by "frosty_un".
    - Don't update the AccountingSoftLimitHitAt state file entry whenever
      tor gets started. This prevents a wrong average bandwidth
      estimate, which would cause relays to always start a new accounting
      interval at the earliest possible moment. Fixes bug 2003; bugfix
      on 0.2.2.7-alpha. Reported by BryonEldridge, who also helped
      immensely in tracking this bug down.
    - Fix a crash bug when changing node restrictions while a DNS lookup
      is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
      by "Tey'".

  o Minor bugfixes (on 0.2.2.x and earlier):
    - When a hidden service turns an extra service-side introduction
      circuit into a general-purpose circuit, free the rend_data and
      intro_key fields first, so we won't leak memory if the circuit
      is cannibalized for use as another service-side introduction
      circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
    - Rephrase the log message emitted if the TestSocks check is
      successful. Patch from Fabian Keil; fixes bug 4094.
    - Bridges now skip DNS self-tests, to act a little more stealthily.
      Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
      bridges. Patch by "warms0x".
    - Remove a confusing dollar sign from the example fingerprint in the
      man page, and also make the example fingerprint a valid one. Fixes
      bug 4309; bugfix on 0.2.1.3-alpha.
    - Fix internal bug-checking logic that was supposed to catch
      failures in digest generation so that it will fail more robustly
      if we ask for a nonexistent algorithm. Found by Coverity Scan.
      Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
    - Report any failure in init_keys() calls launched because our
      IP address has changed. Spotted by Coverity Scan. Bugfix on
      0.1.1.4-alpha; fixes CID 484.

  o Minor bugfixes (on 0.2.3.x):
    - Fix a bug in configure.in that kept it from building a configure
      script with autoconf versions earlier than 2.61. Fixes bug 2430;
      bugfix on 0.2.3.1-alpha.
    - Don't warn users that they are exposing a client port to the
      Internet if they have specified an RFC1918 address. Previously,
      we would warn if the user had specified any non-loopback
      address. Bugfix on 0.2.3.3-alpha. Fixes bug 4018; reported by Tas.
    - Fix memory leaks in the failing cases of the new SocksPort and
      ControlPort code. Found by Coverity Scan. Bugfix on 0.2.3.3-alpha;
      fixes coverity CIDs 485, 486, and 487.

  o Minor features:
    - When a hidden service's introduction point times out, consider
      trying it again during the next attempt to connect to the
      HS. Previously, we would not try it again unless a newly fetched
      descriptor contained it. Required by fixes for bugs 1297 and 3825.
    - The next version of Windows will be called Windows 8, and it has
      a major version of 6, minor version of 2. Correctly identify that
      version instead of calling it "Very recent version". Resolves
      ticket 4153; reported by funkstar.
    - The Bridge Authority now writes statistics on how many bridge
      descriptors it gave out in total, and how many unique descriptors
      it gave out. It also lists how often the most and least commonly
      fetched descriptors were given out, as well as the median and
      25th/75th percentile. Implements tickets 4200 and 4294.
    - Update to the October 4 2011 Maxmind GeoLite Country database.

  o Code simplifications and refactoring:
    - Remove some old code to remember statistics about which descriptors
      we've served as a directory mirror. The feature wasn't used and
      is outdated now that microdescriptors are around.
    - Rename Tor functions that turn strings into addresses, so that
      "parse" indicates that no hostname resolution occurs, and
      "lookup" indicates that hostname resolution may occur. This
      should help prevent mistakes in the future. Fixes bug 3512.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk