[tor-announce] Tor 0.3.0.8 is released, with security fixes for hidden services. (As are 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, and 0.2.9.11)
- To: tor-announce@xxxxxxxxxxxxxxxxxxxx
- From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
- Date: Thu, 8 Jun 2017 13:11:48 -0400
Hello!

Source code for a new Tor release (0.3.0.8) is now available on the
website. Among other things, it fixes two issues in earlier versions
of the hidden service code that would allow an attacker to cause a
hidden service to exit with an assertion failure.

If you're running a hidden service, you should upgrade to this
release, or one of the other versions released today. Source is
available on the website now; packages should be available over the
next several days.

Concurrently with 0.3.0.8, the following versions are also now
available: 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, and
0.2.9.11. You can find them all at https://dist.torproject.org/

One last reminder: Tor 0.2.4, 0.2.6, and 0.2.7 will no longer be
supported after 1 August of this year. Tor 0.2.8 will not be
supported after 1 Jan of 2018. Tor 0.2.5 will not be supported after
1 May of 2018. If you need a release with long-term support, 0.2.9 is
what we recommend: we plan to support it until at least 1 Jan 2020.

Below are the changelogs for the new stable releases:

=================
Changes in version 0.3.0.8 - 2017-06-08
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
Tor 0.3.0.8 also includes fixes for several key management bugs
that sometimes made relays unreliable, as well as several other
bugfixes described below.
o Major bugfixes (hidden service, relay, security, backport
from 0.3.1.3-alpha):
- Fix a remotely triggerable assertion failure when a hidden service
handles a malformed BEGIN cell. Fixes bug 22493, tracked as
TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
- When performing the v3 link handshake on a TLS connection, report
that we have the x509 certificate that we actually used on that
connection, even if we have changed certificates since that
connection was first opened. Previously, we would claim to have
used our most recent x509 link certificate, which would sometimes
make the link handshake fail. Fixes one case of bug 22460; bugfix
on 0.2.3.6-alpha.
o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
- Regenerate link and authentication certificates whenever the key
that signs them changes; also, regenerate link certificates
whenever the signed key changes. Previously, these processes were
only weakly coupled, and relays could (for minutes to hours)
wind up with an inconsistent set of keys and certificates, which
other relays would not accept. Fixes two cases of bug 22460;
bugfix on 0.3.0.1-alpha.
- When sending an Ed25519 signing->link certificate in a CERTS cell,
send the certificate that matches the x509 certificate that we
used on the TLS connection. Previously, there was a race condition
if the TLS context rotated after we began the TLS handshake but
before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
on 0.3.0.1-alpha.
o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
- Stop rejecting v3 hidden service descriptors because their size
did not match an old padding rule. Fixes bug 22447; bugfix on
tor-0.3.0.1-alpha.
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
December 2016 (of which ~126 were still functional) with a list of
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
2017. Resolves ticket 21564.
o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
- Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
bug 22252; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
- Lower the lifetime of the RSA->Ed25519 cross-certificate to six
months, and regenerate it when it is within one month of expiring.
Previously, we had generated this certificate at startup with a
ten-year lifetime, but that could lead to weird behavior when Tor
was started with a grossly inaccurate clock. Mitigates bug 22466;
mitigation on 0.3.0.1-alpha.
o Minor bugfixes (memory leak, directory authority, backport from
0.3.1.2-alpha):
- When directory authorities reject a router descriptor due to
keypinning, free the router descriptor rather than leaking the
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
Changes in version 0.2.9.11 - 2017-06-08
Tor 0.2.9.11 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
Tor 0.2.9.11 also backports fixes for several key management bugs
that sometimes made relays unreliable, as well as several other
bugfixes described below.
o Major bugfixes (hidden service, relay, security, backport
from 0.3.1.3-alpha):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
- When performing the v3 link handshake on a TLS connection, report
that we have the x509 certificate that we actually used on that
connection, even if we have changed certificates since that
connection was first opened. Previously, we would claim to have
used our most recent x509 link certificate, which would sometimes
make the link handshake fail. Fixes one case of bug 22460; bugfix
on 0.2.3.6-alpha.
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
December 2016 (of which ~126 were still functional) with a list of
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
2017. Resolves ticket 21564.
o Minor features (future-proofing, backport from 0.3.0.7):
- Tor no longer refuses to download microdescriptors or descriptors if
they are listed as "published in the future". This change will
eventually allow us to stop listing meaningful "published" dates
in microdescriptor consensuses, and thereby allow us to reduce the
resources required to download consensus diffs by over 50%.
Implements part of ticket 21642; implements part of proposal 275.
o Minor features (directory authorities, backport from 0.3.0.4-rc):
- Directory authorities now reject relays running versions
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
suffer from bug 20499 and don't keep their consensus cache
up-to-date. Resolves ticket 20509.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (control port, backport from 0.3.0.6):
- The GETINFO extra-info/digest/<digest> command was broken because
of a wrong base16 decode return value check, introduced when
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
- The getpid() system call is now permitted under the Linux seccomp2
sandbox, to avoid crashing with versions of OpenSSL (and other
libraries) that attempt to learn the process's PID by using the
syscall rather than the VDSO code. Fixes bug 21943; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (memory leak, directory authority, backport
from 0.3.1.2-alpha):
- When directory authorities reject a router descriptor due to
keypinning, free the router descriptor rather than leaking the
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
Changes in version 0.2.8.14 - 2017-06-08
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
o Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
December 2016 (of which ~126 were still functional) with a list of
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
2017. Resolves ticket 21564.
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Changes in version 0.2.7.8 - 2017-06-08
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
o Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Changes in version 0.2.6.12 - 2017-06-08
Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
o Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Changes in version 0.2.5.14 - 2017-06-08
Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
o Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Changes in version 0.2.4.29 - 2017-06-08
Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
o Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
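For operators triaging a fleet against this announcement, the following added example (not part of the original message and not Tor project code) reports which of TROVE-2017-004 and TROVE-2017-005 remain unfixed for a given Tor version string, using only the "bugfix on" and fixed-release versions stated in the changelogs above. Assumptions: status tags such as `-alpha` are ignored when comparing, release series later than 0.3.1 are assumed to carry both fixes, and the function names and host inventory are constructed for illustration.

```python
import re

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

# Per advisory: (first affected version, {release series: first fixed patch level}).
# Values are taken from the changelogs in this announcement; 0.3.1.3-alpha is the
# release the fixes were backported from.
TROVES = {
    "TROVE-2017-004": ((0, 3, 0, 1), {(0, 3, 0): 8, (0, 3, 1): 3}),
    "TROVE-2017-005": ((0, 2, 2, 1), {
        (0, 2, 4): 29, (0, 2, 5): 14, (0, 2, 6): 12, (0, 2, 7): 8,
        (0, 2, 8): 14, (0, 2, 9): 11, (0, 3, 0): 8, (0, 3, 1): 3,
    }),
}

def open_troves(version_text):
    """Return the advisories still unfixed in the Tor version found in version_text."""
    match = VERSION_RE.search(version_text)
    if match is None:
        raise ValueError("no Tor version found in %r" % version_text)
    version = tuple(int(part) for part in match.groups())
    series, patch = version[:3], version[3]
    unfixed = []
    for trove, (introduced, fixes) in TROVES.items():
        if version < introduced:
            continue  # predates the bug
        if series > max(fixes):
            continue  # assumption: later series already include the fix
        fixed_patch = fixes.get(series)
        # A series with no fixed release listed (e.g. 0.2.3) stays affected.
        if fixed_patch is None or patch < fixed_patch:
            unfixed.append(trove)
    return unfixed

def triage(inventory):
    """Map host -> unfixed advisories, omitting hosts that are fully patched."""
    report = {}
    for host, version_text in inventory.items():
        unfixed = open_troves(version_text)
        if unfixed:
            report[host] = unfixed
    return report

# Constructed inventory, e.g. collected from `tor --version` on each host.
SAMPLE_INVENTORY = {
    "hs-a": "Tor version 0.3.0.7.",
    "hs-b": "Tor version 0.2.9.11.",
    "hs-c": "Tor version 0.2.5.12.",
}

if __name__ == "__main__":
    for host, unfixed in triage(SAMPLE_INVENTORY).items():
        print(host, "needs upgrade:", ", ".join(unfixed))
```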