From 0c66af2e69ab1ddf02a645d33eba3ce14c6cc4a8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 15 Mar 2021 09:27:26 -0400 Subject: Changelog for 0.3.5.14. --- ChangeLog | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 48402f4ed2..40ac842b84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,51 @@ +Changes in version 0.3.5.14 - 2021-03-16 + Tor 0.3.5.14 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing term, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + Changes in version 0.3.5.13 - 2020-02-03 Tor 0.3.5.13 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to -- cgit v1.2.3-54-g00ecf