[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs



Hi, all!

Tomorrow we'll be putting out new releases in all supported series
(0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
the hidden service code. These vulnerabilities allow an attacker to
cause a hidden service to crash with an assertion failure.  We believe
that is the only impact.  We are tracking these vulnerabilities as
TROVE-2017-004 and TROVE-2017-005.

For more information about how we handle security issues in Tor, see
our draft policy at:
    https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy

best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk