author | David Goulet <dgoulet@torproject.org> | 2021-08-16 11:53:34 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2021-08-16 11:53:34 -0400 |
commit | 59c522b964024dd4bf616989966223f0b6165220 (patch) | |
tree | 3fd167946e5f7770f6f3c4f49a616bc1d6b8d7bc /ChangeLog | |
parent | 16eb4d4c8bef4210b1c2cb57393b550cd271febd (diff) | |
changelog: Update with security fix stanza
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -1,5 +1,17 @@ Changes in version 0.3.5.16 - 2021-08-16 - This version fixes several bugs from earlier versions. + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. o Minor feature (fallbackdir): - Regenerate fallback directories list. Close ticket 40447. |
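Review bot: The new "Major bugfixes (cryptography, security)" entry writes "denial of service attack" without hyphens, while the opening paragraph added in the same hunk writes "denial-of-service attack"; use one spelling in both places. The entry also says the issue is fixed "by disabling batch verification" but does not say which signatures went through the batch path or whether the disablement is meant to be permanent, so a reader cannot tell what behaviour changes after upgrading; a short clause naming the affected verification path would close that gap. Finally, the opening paragraph tells clients, relays and onion services alike to upgrade, but the entry only says the assertion "could be triggered remotely"; stating in the entry which of those roles can be hit would make the upgrade advice traceable to the bug description.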