[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs
On Wed, Jun 7, 2017 at 11:15 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> Hi, all!
>
> Tomorrow we'll be putting out new releases in all supported series
> (0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
> the hidden service code. These vulnerabilities allow an attacker to
> cause a hidden service to crash with an assertion failure. We believe
> that is the only impact. We are tracking these vulnerabilities as
> TROVE-2017-004 and TROVE-2017-005.
>
> For more information about how we handle security issues in Tor, see
> our draft policy at:
> https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
These releases are now available from https://dist.torproject.org/ .
They are: 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11,
0.3.0.8, and 0.3.1.3-alpha.
It will take a while for the website download page to upgrade, since
the system that updates the website tends to get bogged down when
there are lots of builders running at once. I'll send out the regular
announcements once the download page is up-to-date, since it tends to
confuse people when I don't wait for that.
If you're running a hidden service, I recommend that you upgrade as
soon as a package is available for your system.
best wishes,
--
Nick
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk