[tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9

Hi, awesome relay operators!

About two weeks ago, we put out 0.2.9.9, to fix a significant problem
in our build process that led to an easy remote crash attack:

  o Major bugfixes (security):
    - Downgrade the "-ftrapv" option from "always on" to "only on when
      --enable-expensive-hardening is provided." This hardening option,
      like others, can turn survivable bugs into crashes -- and having
      it on by default made a (relatively harmless) integer overflow bug
      into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
      bugfix on 0.2.9.1-alpha.

If you are on some earlier version of 0.2.9.x, it would be really
great if you could update your relay some time soon: I want to put out
a fix for the underlying bug here, but I'm hesitant to do so while
there are still 700 crashable relays on the network.

Also if you are on 0.3.0.1-alpha, you should upgrade to 0.3.0.2-alpha
or later, but there are only around 53 relays still on that version,
so I'm freaking out less about that.

best wishes and many thanks,
--
Nick
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
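
Added example (not part of the message above and not Tor project code): a Python check that flags the versions this notice asks operators to upgrade, namely 0.2.9.1-alpha up to but not including 0.2.9.9, and 0.3.0.1-alpha. The inventory format, the relay nicknames and the function names are assumptions made for illustration.

```python
import re

# Series -> first fixed release in that series, per the notice above.
# Affected: 0.2.9.1-alpha up to 0.2.9.8, and 0.3.0.1-alpha.
FIRST_FIXED = {(0, 2, 9): 9, (0, 3, 0): 2}
FIRST_AFFECTED = 1  # "bugfix on 0.2.9.1-alpha"

# Four dotted numbers plus an optional status tag such as -alpha or -alpha-dev.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z][\w-]*))?")


def parse_tor_version(text):
    """Return ((a, b, c, d), tag) for the first Tor-style version in text, else None."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(g) for g in m.groups()[:4]), m.group(5) or ""


def needs_upgrade(text):
    """True if affected per the notice, False if not flagged, None if unparseable."""
    parsed = parse_tor_version(text)
    if parsed is None:
        return None
    nums, _tag = parsed
    fixed = FIRST_FIXED.get(nums[:3])
    if fixed is None:
        return False  # series not named in this notice; says nothing about other bugs
    return FIRST_AFFECTED <= nums[3] < fixed


def triage(inventory):
    """Split 'nickname<TAB>version string' lines into (upgrade, ok, unknown) lists."""
    upgrade, ok, unknown = [], [], []
    for line in inventory.strip().splitlines():
        nickname, _, version_text = line.partition("\t")
        verdict = needs_upgrade(version_text)
        {True: upgrade, False: ok, None: unknown}[verdict].append(nickname)
    return upgrade, ok, unknown


# Constructed inventory: hypothetical nicknames, version strings in two common shapes.
SAMPLE = "relayA\tTor 0.2.9.8 on Linux\nrelayB\tTor version 0.2.9.9.\n" \
         "relayC\tTor 0.3.0.1-alpha on FreeBSD\nrelayD\tTor 0.3.0.2-alpha on Linux\n" \
         "relayE\tTor 0.2.8.12 on Linux\nrelayF\t(no version reported)\n"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Relays whose version cannot be parsed land in the third list so they are checked by hand rather than silently treated as fine.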