
Re: [tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs



On Wed, Jun 7, 2017 at 11:15 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> Hi, all!
>
> Tomorrow we'll be putting out new releases in all supported series
> (0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
> the hidden service code. These vulnerabilities allow an attacker to
> cause a hidden service to crash with an assertion failure.  We believe
> that is the only impact.  We are tracking these vulnerabilities as
> TROVE-2017-004 and TROVE-2017-005.
>
> For more information about how we handle security issues in Tor, see
> our draft policy at:
>     https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy

These releases are now available from https://dist.torproject.org/ .
They are: 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11,
0.3.0.8, and 0.3.1.3-alpha.

It will take a while for the website download page to upgrade, since
the system that updates the website tends to get bogged down when
there are lots of builders running at once.  I'll send out the regular
announcements once the download page is up-to-date, since it tends to
confuse people when I don't wait for that.

If you're running a hidden service, I recommend that you upgrade as
soon as a package is available for your system.

best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk