[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.3.5] fold in changelog and blurb for trove-2020-002

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/release-0.3.5] fold in changelog and blurb for trove-2020-002
From: nickm@xxxxxxxxxxxxxx
Date: Wed, 18 Mar 2020 13:34:39 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Mar 2020 09:39:25 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit d82fb437e250e5e2bd29a07658579197d566654d
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Tue Mar 17 15:37:50 2020 -0400

    fold in changelog and blurb for trove-2020-002
---
 ChangeLog | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 20a78b5d2..e6c153be4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,29 @@
 Changes in version 0.3.5.10 - 2020-03-??
-  blurb.
+  Tor 0.3.5.10 backports many fixes from later Tor releases, including a
+  fix for TROVE-2020-002, a major denial-of-service vulnerability that
+  affected all released Tor instances since 0.2.1.5-alpha. Using this
+  vulnerability, an attacker could cause Tor instances to consume a huge
+  amount of CPU, disrupting their operations for several seconds or
+  minutes. This attack could be launched by anybody against a relay, or
+  by a directory cache against any client that had connected to it. The
+  attacker could launch this attack as much as they wanted, thereby
+  disrupting service or creating patterns that could aid in traffic
+  analysis. This issue was found by OSS-Fuzz, and is also tracked
+  as CVE-2020-10592.
+
+  We do not have reason to believe that this attack is currently being
+  exploited in the wild, but nonetheless we advise everyone to upgrade
+  as soon as packages are available.
+
+  o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
+    - Fix a denial-of-service bug that could be used by anyone to
+      consume a bunch of CPU on any Tor relay or authority, or by
+      directories to consume a bunch of CPU on clients or hidden
+      services. Because of the potential for CPU consumption to
+      introduce observable timing patterns, we are treating this as a
+      high-severity security issue. Fixes bug 33119; bugfix on
+      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
+      as TROVE-2020-002 and CVE-2020-10592.
 
   o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
     - Correct how we use libseccomp. Particularly, stop assuming that



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/release-0.4.2] circpad_setup_machine_on_circ(): exit early on error.
Next by Author: [tor-commits] [tor/maint-0.4.2] Merge branch 'maint-0.4.1' into maint-0.4.2
Previous by thread: [tor-commits] [tor/release-0.3.5] When parsing tokens, reject early on spurious keys.
Next by thread: [tor-commits] [tor/release-0.3.5] Add off-by-one checks for key length.
Index(es):
- Author
- Thread