[tor-announce] Tor 0.3.0.9 is released, with a security update for clients.
Nick Mathewson
nickm at torproject.org
Thu Jun 29 23:00:40 UTC 2017
(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
. If you have trouble, it is probably because you subscribed using a
different address than the one you are trying to unsubscribe with.
You will have to enter the actual email address you used to
subscribe.)
Hello!
Source code for a new Tor release (0.3.0.9) is now available on the
website. Among other things, it fixes an issue affecting clients using
prior versions of the 0.3.0.x guard code. All such clients should
upgrade as packages become available; clients running 0.2.9.x and
earlier are not affected.
Source is available on the website now; packages should be available
over the next several days. The Tor Browser team tells me they will
have a new release out early next week.
One last reminder: Tor 0.2.4, 0.2.6, and 0.2.7 will no longer be
supported after 1 August of this year. Tor 0.2.8 will not be
supported after 1 Jan of 2018. Tor 0.2.5 will not be supported after
1 May of 2018. If you need a release with long-term support, 0.2.9 is
what we recommend: we plan to support it until at least 1 Jan 2020.
Below is the changelog for the new stable release.
Changes in version 0.3.0.9 - 2017-06-29
Tor 0.3.0.9 fixes a path selection bug that would allow a client
to use a guard that was in the same network family as a chosen exit
relay. This is a security regression; all clients running earlier
versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
0.3.1.4-alpha.
This release also backports several other bugfixes from the 0.3.1.x
series.
o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
- When choosing which guard to use for a circuit, avoid the exit's
family along with the exit itself. Previously, the new guard
selection logic avoided the exit, but did not consider its family.
Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-
006 and CVE-2017-0377.
o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
- Don't block bootstrapping when a primary bridge is offline and we
can't get its descriptor. Fixes bug 22325; fixes one case of bug
21969; bugfix on 0.3.0.3-alpha.
o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
- When starting with an old consensus, do not add new entry guards
unless the consensus is "reasonably live" (under 1 day old). Fixes
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
- Reject version numbers with non-numeric prefixes (such as +, -, or
whitespace). Disallowing whitespace prevents differential version
parsing between POSIX-based and Windows platforms. Fixes bug 21507
and part of 21508; bugfix on 0.0.8pre1.
o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
- Permit the fchmod system call, to avoid crashing on startup when
starting with the seccomp2 sandbox and an unexpected set of
permissions on the data directory or its contents. Fixes bug
22516; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
- Fix a memset() off the end of an array when packing cells. This
bug should be harmless in practice, since the corrupted bytes are
still in the same structure, and are always padding bytes,
ignored, or immediately overwritten, depending on compiler
behavior. Nevertheless, because the memset()'s purpose is to make
sure that any other cell-handling bugs can't expose bytes to the
network, we need to fix it. Fixes bug 22737; bugfix on
0.2.4.11-alpha. Fixes CID 1401591.
More information about the tor-announce
mailing list