[tor-talk] Tor 0.2.3.6-alpha is out (security patches)
Roger Dingledine
arma at mit.edu
Fri Oct 28 00:43:14 UTC 2011
Tor 0.2.3.6-alpha includes the fix from 0.2.2.34 for a critical
anonymity vulnerability where an attacker can deanonymize Tor
users:
https://lists.torproject.org/pipermail/tor-announce/2011-October/000082.html
Everybody should upgrade.
This release also features support for a new v3 connection handshake
protocol, and fixes to make hidden service connections more robust.
https://www.torproject.org/download/download
Changes in version 0.2.3.6-alpha - 2011-10-26
o Major features:
- Implement a new handshake protocol (v3) for authenticating Tors to
each other over TLS. It should be more resistant to fingerprinting
than previous protocols, and should require less TLS hacking for
future Tor implementations. Implements proposal 185.
- Allow variable-length padding cells to disguise the length of
Tor's TLS records. Implements part of proposal 184.
o Privacy/anonymity fixes (clients):
- Clients and bridges no longer send TLS certificate chains on
outgoing OR connections. Previously, each client or bridge would
use the same cert chain for all outgoing OR connections until
its IP address changes, which allowed any relay that the client
or bridge contacted to determine which entry guards it is using.
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
- If a relay receives a CREATE_FAST cell on a TLS connection, it
no longer considers that connection as suitable for satisfying a
circuit EXTEND request. Now relays can protect clients from the
CVE-2011-2768 issue even if the clients haven't upgraded yet.
- Directory authorities no longer assign the Guard flag to relays
that haven't upgraded to the above "refuse EXTEND requests
to client connections" fix. Now directory authorities can
protect clients from the CVE-2011-2768 issue even if neither
the clients nor the relays have upgraded yet. There's a new
"GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
to let us transition smoothly, else tomorrow there would be no
guard relays.
o Major bugfixes (hidden services):
- Improve hidden service robustness: when an attempt to connect to
a hidden service ends, be willing to refetch its hidden service
descriptors from each of the HSDir relays responsible for them
immediately. Previously, we would not consider refetching the
service's descriptors from each HSDir for 15 minutes after the last
fetch, which was inconvenient if the hidden service was not running
during the first attempt. Bugfix on 0.2.0.18-alpha; fixes bug 3335.
- When one of a hidden service's introduction points appears to be
unreachable, stop trying it. Previously, we would keep trying
to build circuits to the introduction point until we lost the
descriptor, usually because the user gave up and restarted Tor.
Partly fixes bug 3825.
- Don't launch a useless circuit after failing to use one of a
hidden service's introduction points. Previously, we would
launch a new introduction circuit, but not set the hidden service
which that circuit was intended to connect to, so it would never
actually be used. A different piece of code would then create a
new introduction circuit correctly. Bug reported by katmagic and
found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
o Major bugfixes (other):
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
that they initiated. Relays could distinguish incoming bridge
connections from client connections, creating another avenue for
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
Found by "frosty_un".
- Don't update the AccountingSoftLimitHitAt state file entry whenever
tor gets started. This prevents a wrong average bandwidth
estimate, which would cause relays to always start a new accounting
interval at the earliest possible moment. Fixes bug 2003; bugfix
on 0.2.2.7-alpha. Reported by BryonEldridge, who also helped
immensely in tracking this bug down.
- Fix a crash bug when changing node restrictions while a DNS lookup
is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
by "Tey'".
o Minor bugfixes (on 0.2.2.x and earlier):
- When a hidden service turns an extra service-side introduction
circuit into a general-purpose circuit, free the rend_data and
intro_key fields first, so we won't leak memory if the circuit
is cannibalized for use as another service-side introduction
circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
- Rephrase the log message emitted if the TestSocks check is
successful. Patch from Fabian Keil; fixes bug 4094.
- Bridges now skip DNS self-tests, to act a little more stealthily.
Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
bridges. Patch by "warms0x".
- Remove a confusing dollar sign from the example fingerprint in the
man page, and also make the example fingerprint a valid one. Fixes
bug 4309; bugfix on 0.2.1.3-alpha.
- Fix internal bug-checking logic that was supposed to catch
failures in digest generation so that it will fail more robustly
if we ask for a nonexistent algorithm. Found by Coverity Scan.
Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
- Report any failure in init_keys() calls launched because our
IP address has changed. Spotted by Coverity Scan. Bugfix on
0.1.1.4-alpha; fixes CID 484.
o Minor bugfixes (on 0.2.3.x):
- Fix a bug in configure.in that kept it from building a configure
script with autoconf versions earlier than 2.61. Fixes bug 2430;
bugfix on 0.2.3.1-alpha.
- Don't warn users that they are exposing a client port to the
Internet if they have specified an RFC1918 address. Previously,
we would warn if the user had specified any non-loopback
address. Bugfix on 0.2.3.3-alpha. Fixes bug 4018; reported by Tas.
- Fix memory leaks in the failing cases of the new SocksPort and
ControlPort code. Found by Coverity Scan. Bugfix on 0.2.3.3-alpha;
fixes coverity CIDs 485, 486, and 487.
o Minor features:
- When a hidden service's introduction point times out, consider
trying it again during the next attempt to connect to the
HS. Previously, we would not try it again unless a newly fetched
descriptor contained it. Required by fixes for bugs 1297 and 3825.
- The next version of Windows will be called Windows 8, and it has
a major version of 6, minor version of 2. Correctly identify that
version instead of calling it "Very recent version". Resolves
ticket 4153; reported by funkstar.
- The Bridge Authority now writes statistics on how many bridge
descriptors it gave out in total, and how many unique descriptors
it gave out. It also lists how often the most and least commonly
fetched descriptors were given out, as well as the median and
25th/75th percentile. Implements tickets 4200 and 4294.
- Update to the October 4 2011 Maxmind GeoLite Country database.
o Code simplifications and refactoring:
- Remove some old code to remember statistics about which descriptors
we've served as a directory mirror. The feature wasn't used and
is outdated now that microdescriptors are around.
- Rename Tor functions that turn strings into addresses, so that
"parse" indicates that no hostname resolution occurs, and
"lookup" indicates that hostname resolution may occur. This
should help prevent mistakes in the future. Fixes bug 3512.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111027/ec7760c3/attachment.pgp>
More information about the tor-talk
mailing list