Diffstat (limited to 'changes/issue-2011-10-19L')
-rw-r--r-- | changes/issue-2011-10-19L | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L deleted file mode 100644 index b879c9d401..0000000000 --- a/changes/issue-2011-10-19L +++ /dev/null @@ -1,28 +0,0 @@ - o Security fixes: - - - Don't send TLS certificate chains on outgoing OR connections - from clients and bridges. Previously, each client or bridge - would use a single cert chain for all outgoing OR connections - for up to 24 hours, which allowed any relay connected to by a - client or bridge to determine which entry guards it is using. - This is a potential user-tracing bug for *all* users; everyone - who uses Tor's client or hidden service functionality should - upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by - frosty_un. - - - Don't use any OR connection on which we have received a - CREATE_FAST cell to satisfy an EXTEND request. Previously, we - would not consider whether a connection appears to be from a - client or bridge when deciding whether to use that connection to - satisfy an EXTEND request. Mitigates CVE-2011-2768, by - preventing an attacker from determining whether an unpatched - client is connected to a patched relay. Bugfix on FIXME; found - by frosty_un. - - - Don't assign the Guard flag to relays running a version of Tor - which would use an OR connection on which it has received a - CREATE_FAST cell to satisfy an EXTEND request. Mitigates - CVE-2011-2768, by ensuring that clients will not connect - directly to any relay which an attacker could probe for an - unpatched client's connections. - |
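Review bot: the first two entries in the removed file still read "Bugfix on FIXME", so the version that introduced the bug was never filled in. If this text is being folded into a ChangeLog or release notes, replace both placeholders with the actual version before it ships. The third entry (the Guard flag change) has no "Bugfix on" or "found by" line at all, unlike the two before it; either add them or make the omission deliberate. The diffstat is limited to this one path, so nothing visible here shows where the three CVE-2011-2768 entries end up. Please confirm that the upgrade advice in the first entry is preserved in the destination rather than dropped along with the file.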