Diffstat (limited to 'changes/issue-2011-10-19L')
-rw-r--r-- changes/issue-2011-10-19L | 12
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
new file mode 100644
index 0000000000..972823eeea
--- /dev/null
+++ b/changes/issue-2011-10-19L
@@ -0,0 +1,12 @@
+ o Security fixes:
+
+ - Don't send TLS certificate chains on outgoing OR connections
+ from clients and bridges. Previously, each client or bridge
+ would use a single cert chain for all outgoing OR connections
+ for up to 24 hours, which allowed any relay connected to by a
+ client or bridge to determine which entry guards it is using.
+ This is a potential user-tracing bug for *all* users; everyone
+ who uses Tor's client or hidden service functionality should
+ upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
+ frosty_un.
+
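Review bot: the "Bugfix on FIXME" placeholder near the end of the entry is still unresolved; fill in the version that introduced the shared cert chain before this is merged, so changelog readers can tell which releases are affected. The upgrade advice also addresses only "everyone who uses Tor's client or hidden service functionality", while the first sentence names bridges as sending the same chain; consider adding bridge operators to that sentence. A short clause stating how a relay correlates the chain across connections to identify entry guards would make the "allowed any relay ... to determine which entry guards it is using" claim easier to follow.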