[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] New Tor security releases: 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, and 0.3.2.6-alpha
- To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
- Subject: [tor-talk] New Tor security releases: 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, and 0.3.2.6-alpha
- From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
- Date: Fri, 1 Dec 2017 09:18:37 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Fri, 01 Dec 2017 10:36:27 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=r49TPNHklqF4SDUOC+dt2yCAEgCSPCB0jOJIBDUaoQo=; b=hBajMmaPqZku/p/HrCMFGtFfPJyjAJZ39y+RT7ZEMFwfdiBGktOFU3d1J9d7fuYMUA 3NXzxmIa7pD+/uEx4Zefd8ONngq1YipWreIDp9JcjJwYMrBJgNdljlxGqLUd9QuGFOe0 N3jYbMpImWGikGCaZ/lpQow0MdO6Cw/tAyt/Cm+or0x9Wq7bY/HPZ2xD7p+XhFbtBwxY u35pLz2/GVxowQ6IUii7hTr/NA7vzO4boqF+Y5tzgoQ86erTkBMGm4aQSCo1MghVbMWi Uet+yajLhoGv+OOia/f6k03gcZce6xtE0nE/MspeUvVd4W/2O2yo1r6ZKQmquDAr8pGy E3Jw==
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
There are new releases of Tor to fix several security issues.
If you build Tor from source code, you can download them from the
download page on the website. If you need an older release series, go
to https://dist.torproject.org/ .
For users who do not build from source: packages should be available
soon. All users should upgrade when possible.
These releases fix the following security bugs. For more information
on each one, see the links from
https://trac.torproject.org/projects/tor/wiki/TROVE
TROVE-2017-009: Replay-cache ineffective for v2 onion services
TROVE-2017-010: Remote DoS attack against directory authorities
TROVE-2017-011: An attacker can make Tor ask for a password
TROVE-2017-012: Relays can pick themselves in a circuit path
TROVE-2017-013: Use-after-free in onion service v2
Remember that the following release series are approaching end-of-life:
0.2.8 on 1 Jan 2018
0.3.0 on 26 Jan 2018
0.2.5 on 1 May 2018
If you need a release series with long term support, stick to
0.2.9.x. Otherwise, please stay up-to-date with the latest stable
release series (or with the alphas, if you are feeling brave and you
like reporting bugs).
Below is the changelog for 0.3.2.6-alpha. The changelogs for the
stable releases were sent to tor-announce as usual.
Changes in version 0.3.2.6-alpha - 2017-12-01
This version of Tor is the latest in the 0.3.2 alpha series. It
includes fixes for several important security issues. All Tor users
should upgrade to this release, or to one of the other releases coming
out today.
o Major bugfixes (security):
- Fix a denial of service bug where an attacker could use a
malformed directory object to cause a Tor instance to pause while
OpenSSL would try to read a passphrase from the terminal. (Tor
instances run without a terminal, which is the case for most Tor
packages, are not impacted.) Fixes bug 24246; bugfix on every
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
Found by OSS-Fuzz as testcase 6360145429790720.
- Fix a denial of service issue where an attacker could crash a
directory authority using a malformed router descriptor. Fixes bug
24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
and CVE-2017-8820.
- When checking for replays in the INTRODUCE1 cell data for a
(legacy) onion service, correctly detect replays in the RSA-
encrypted part of the cell. We were previously checking for
replays on the entire cell, but those can be circumvented due to
the malleability of Tor's legacy hybrid encryption. This fix helps
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
and CVE-2017-8819.
o Major bugfixes (security, onion service v2):
- Fix a use-after-free error that could crash v2 Tor onion services
when they failed to open circuits while expiring introduction
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
also tracked as TROVE-2017-013 and CVE-2017-8823.
o Major bugfixes (security, relay):
- When running as a relay, make sure that we never build a path
through ourselves, even in the case where we have somehow lost the
version of our descriptor appearing in the consensus. Fixes part
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
as TROVE-2017-012 and CVE-2017-8822.
- When running as a relay, make sure that we never choose ourselves
as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
o Minor feature (relay statistics):
- Change relay bandwidth reporting stats interval from 4 hours to 24
hours in order to reduce the efficiency of guard discovery
attacks. Fixes ticket 23856.
o Minor features (directory authority):
- Add an IPv6 address for the "bastet" directory authority. Closes
ticket 24394.
o Minor bugfixes (client):
- By default, do not enable storage of client-side DNS values. These
values were unused by default previously, but they should not have
been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk