Changes in versoin 0.3.5.15 - 2021-06-1?
BLURB HERE
+ o Major bugfixes (security, backport from 0.4.6.5):
+ - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+ half-closed streams. Previously, clients failed to validate which
+ hop sent these cells: this would allow a relay on a circuit to end
+ a stream that wasn't actually built with it. Fixes bug 40389;
+ bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+ 003 and CVE-2021-34548.
+
+ o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+ - Detect more failure conditions from the OpenSSL RNG code.
+ Previously, we would detect errors from a missing RNG
+ implementation, but not failures from the RNG code itself.
+ Fortunately, it appears those failures do not happen in practice
+ when Tor is using OpenSSL's default RNG implementation. Fixes bug
+ 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+ TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+ o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+ - Resist a hashtable-based CPU denial-of-service attack against
+ relays. Previously we used a naive unkeyed hash function to look
+ up circuits in a circuitmux object. An attacker could exploit this
+ to construct circuits with chosen circuit IDs, to create
+ collisions and make the hash table inefficient. Now we use a
+ SipHash construction here instead. Fixes bug 40391; bugfix on
+ 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+ CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+ - Fix an out-of-bounds memory access in v3 onion service descriptor
+ parsing. An attacker could exploit this bug by crafting an onion
+ service descriptor that would crash any client that tried to visit
+ it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+ tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+ Glazunov from Google's Project Zero.
+
o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- Fix an indentation problem that led to a warning from GCC 11.1.1.
Fixes bug 40380; bugfix on 0.3.0.1-alpha.
- Regenerate the list of fallback directories to contain a new set
of 200 relays. Closes ticket 40265.
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2021/06/10.
+
Changes in version 0.3.5.14 - 2021-03-16
Tor 0.3.5.14 backports fixes for two important denial-of-service bugs
+++ /dev/null
- o Major bugfixes (security):
- - Resist a hashtable-based CPU denial-of-service attack against
- relays. Previously we used a naive unkeyed hash function to look up
- circuits in a circuitmux object. An attacker could exploit this to
- construct circuits with chosen circuit IDs in order to try to create
- collisions and make the hash table inefficient. Now we use a SipHash
- construction for this hash table instead. Fixes bug 40391; bugfix on
- 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
- Reported by Jann Horn from Google's Project Zero.
+++ /dev/null
- o Major bugfixes (security, defense-in-depth):
- - Detect a wider variety of failure conditions from the OpenSSL RNG
- code. Previously, we would detect errors from a missing RNG
- implementation, but not failures from the RNG code itself.
- Fortunately, it appears those failures do not happen in practice
- when Tor is using OpenSSL's default RNG implementation.
- Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
- TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
projects / thirdparty / tor.git / commitdiff
