Loading ChangeLog +24 −0 Original line number Diff line number Diff line Changes in version 0.2.4.27 - 2015-04-06 Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available. This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks. o Major bugfixes (security, hidden service): - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". o Minor features (DoS-resistance, hidden service): - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515. Changes in version 0.2.4.26 - 2015-03-17 Tor 0.2.4.26 includes an updated list of directory authorities. It also backports a couple of stability and security bugfixes from 0.2.5 Loading ReleaseNotes +24 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,30 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. Changes in version 0.2.4.27 - 2015-04-06 Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available. This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks. o Major bugfixes (security, hidden service): - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". o Minor features (DoS-resistance, hidden service): - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515. Changes in version 0.2.4.26 - 2015-03-17 Tor 0.2.4.26 includes an updated list of directory authorities. It also backports a couple of stability and security bugfixes from 0.2.5 Loading Loading
ChangeLog +24 −0 Original line number Diff line number Diff line Changes in version 0.2.4.27 - 2015-04-06 Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available. This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks. o Major bugfixes (security, hidden service): - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". o Minor features (DoS-resistance, hidden service): - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515. Changes in version 0.2.4.26 - 2015-03-17 Tor 0.2.4.26 includes an updated list of directory authorities. It also backports a couple of stability and security bugfixes from 0.2.5 Loading
ReleaseNotes +24 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,30 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. Changes in version 0.2.4.27 - 2015-04-06 Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available. This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks. o Major bugfixes (security, hidden service): - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". o Minor features (DoS-resistance, hidden service): - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515. Changes in version 0.2.4.26 - 2015-03-17 Tor 0.2.4.26 includes an updated list of directory authorities. It also backports a couple of stability and security bugfixes from 0.2.5 Loading
