diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-03-17 15:37:34 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-03-17 15:37:34 -0400 |
| commit | 2d47cb984d0f882e9347f8e7ebcac5723c94337e (patch) | |
| tree | 173fc9fc7720329dc6723bdb90222c86ea7c8ec9 /ChangeLog | |
| parent | 3bd0601aec61464659e16507a9c1538d0abe7822 (diff) | |
| download | tor-2d47cb984d0f882e9347f8e7ebcac5723c94337e.tar.gz tor-2d47cb984d0f882e9347f8e7ebcac5723c94337e.zip | |
fold in changelog and blurb for trove-2020-002
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 40 |
1 files changed, 32 insertions, 8 deletions
@@ -1,11 +1,35 @@ Changes in version 0.4.3.3-alpha - 2020-03-?? - blurb here. + Tor 0.4.3.3-alpha fixes several bugs in previous releases, including + TROVE-2020-002, a major denial-of-service vulnerability that affected + all released Tor instances since 0.2.1.5-alpha. Using this + vulnerability, an attacker could cause Tor instances to consume a huge + amount of CPU, disrupting their operations for several seconds or + minutes. This attack could be launched by anybody against a relay, or + by a directory cache against any client that had connected to it. The + attacker could launch this attack as much as they wanted, thereby + disrupting service or creating patterns that could aid in traffic + analysis. This issue was found by OSS-Fuzz, and is also tracked + as CVE-2020-10592. + + We do not have reason to believe that this attack is currently being + exploited in the wild, but nonetheless we advise everyone to upgrade + as soon as packages are available. + + o Major bugfixes (security, denial-of-service): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. o Major bugfixes (circuit padding, memory leak): - Avoid a remotely triggered memory leak in the case that a circuit padding machine is somehow negotiated twice on the same circuit. Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. - This is also tracked as TROVE-2020-004. + This is also tracked as TROVE-2020-004 and CVE-2020-10593. o Major bugfixes (directory authority): - Directory authorities will now send a 503 (not enough bandwidth) @@ -44,18 +68,18 @@ Changes in version 0.4.3.3-alpha - 2020-03-?? - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix on 0.3.2.2-alpha. - o Minor bugfixes (onion services v3): - - Fix an assertion failure that could result from a corrupted - ADD_ONION control port command. Found by Saibato. Fixes bug 33137; - bugfix on 0.3.3.1-alpha. This issue is also tracked - as TROVE-2020-003. - o Minor bugfixes (onion service v3, client): - Remove a BUG() warning that would cause a stack trace if an onion service descriptor was freed while we were waiting for a rendezvous circuit to complete. Fixes bug 28992; bugfix on 0.3.2.1-alpha. + o Minor bugfixes (onion services v3): + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + o Documentation (manpage): - Alphabetize the Server and Directory server sections of the tor manpage. Also split Statistics options into their own section of |