[tor-relays] security update for obfs4proxy

meskio meskio at torproject.org
Fri Oct 14 17:26:18 UTC 2022


Quoting Toralf Förster (2022-10-14 18:08:38)
> On 10/14/22 11:28, meskio wrote:
> > The latest version of obfs4proxy (0.0.14) comes with an important security fix.
> 
> Is there a Changelog available ?

The upstream changelog is here:
https://gitlab.com/yawning/obfs4/-/blob/master/ChangeLog
But I understand is not easy to understand what the problem is from that
changelog.

I was pointed out today that "important security fix" might be confusing. To be
clear this is 'obfuscation' security fix, this means before 0.0.14 it was
possible for an observer on the network to distinguish obfs4 traffic. So is a
security problem from the obfs4 user perspective.

But is not any risk for bridge operators. An attacker can *not* exploit this
issue to do any harm to the operator.

-- 
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20221014/6929fca9/attachment.sig>


More information about the tor-relays mailing list