diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug24313 | 5 | ||||
| -rw-r--r-- | changes/bug24480 | 3 | ||||
| -rw-r--r-- | changes/trove-2017-009 | 10 | ||||
| -rw-r--r-- | changes/trove-2017-010 | 6 | ||||
| -rw-r--r-- | changes/trove-2017-011 | 8 | ||||
| -rw-r--r-- | changes/trove-2017-012-part1 | 6 | ||||
| -rw-r--r-- | changes/trove-2017-012-part2 | 5 |
7 files changed, 43 insertions, 0 deletions
diff --git a/changes/bug24313 b/changes/bug24313 new file mode 100644 index 0000000000..b927ec3ba6 --- /dev/null +++ b/changes/bug24313 @@ -0,0 +1,5 @@ + o Major bugfixes (security, hidden service v2): + - Fix a use-after-free error that could crash v2 Tor hidden services + when it failed to open circuits while expiring introductions + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This + issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/bug24480 b/changes/bug24480 new file mode 100644 index 0000000000..94e5b91a0c --- /dev/null +++ b/changes/bug24480 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix a signed/unsigned comparison warning introduced by our + fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. diff --git a/changes/trove-2017-009 b/changes/trove-2017-009 new file mode 100644 index 0000000000..166a5faec6 --- /dev/null +++ b/changes/trove-2017-009 @@ -0,0 +1,10 @@ + o Major bugfixes (security): + - When checking for replays in the INTRODUCE1 cell data for a (legacy) + hiddden service, correctly detect replays in the RSA-encrypted part of + the cell. We were previously checking for replays on the entire cell, + but those can be circumvented due to the malleability of Tor's legacy + hybrid encryption. This fix helps prevent a traffic confirmation + attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also + tracked as TROVE-2017-009 and CVE-2017-8819. + + diff --git a/changes/trove-2017-010 b/changes/trove-2017-010 new file mode 100644 index 0000000000..d5bf9333da --- /dev/null +++ b/changes/trove-2017-010 @@ -0,0 +1,6 @@ + o Major bugfixes (security): + - Fix a denial-of-service issue where an attacker could crash + a directory authority using a malformed router descriptor. + Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked + as TROVE-2017-010 and CVE-2017-8820. + diff --git a/changes/trove-2017-011 b/changes/trove-2017-011 new file mode 100644 index 0000000000..82d20d9e78 --- /dev/null +++ b/changes/trove-2017-011 @@ -0,0 +1,8 @@ + o Major bugfixes (security): + - Fix a denial of service bug where an attacker could use a malformed + directory object to cause a Tor instance to pause while OpenSSL would + try to read a passphrase from the terminal. (If the terminal was not + available, tor would continue running.) Fixes bug 24246; bugfix on + every version of Tor. Also tracked as TROVE-2017-011 and + CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. + diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 new file mode 100644 index 0000000000..9fccc2cf65 --- /dev/null +++ b/changes/trove-2017-012-part1 @@ -0,0 +1,6 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never build a path through + ourselves, even in the case where we have somehow lost the version of + our descriptor appearing in the consensus. Fixes part of bug 21534; + bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2 new file mode 100644 index 0000000000..ed994c5b02 --- /dev/null +++ b/changes/trove-2017-012-part2 @@ -0,0 +1,5 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never ever choose ourselves + as a guard. Previously, this was possible. Fixes part of bug 21534; + bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. |