[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Upcoming releases next week to fix denial-of-service bugs in Tor


Early next week -- around Tuesday -- we plan to put out new Tor
releases to fix a pair of denial-of-service issues that we have found.
  We are tracking these issues as "High" and "Medium" severity
respectively under our security policy at
.  We are tracking these issues as TROVE-2021-001 and TROVE-2021-002
at https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
.  All currently supported Tor versions are affected.

The impact of these issues is that a remote attacker participating in
the directory protocol can cause a denial of service attack against
Tor instances. Once the new versions are released, we will recommend
that all relays and authorities should upgrade.  The impact is worst
for directory authorities: we have already distributed patches to the
authority operators and encouraged them to upgrade.

To the best of our knowledge these vulnerabilities are not being
supported in the wild.

We'll be releasing more information about these issues after the fixes
are available.

best wishes,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to