[tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs
Nick Mathewson
nickm at freehaven.net
Wed Jun 7 15:15:35 UTC 2017
Hi, all!
Tomorrow we'll be putting out new releases in all supported series
(0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
the hidden service code. These vulnerabilities allow an attacker to
cause a hidden service to crash with an assertion failure. We believe
that is the only impact. We are tracking these vulnerabilities as
TROVE-2017-004 and TROVE-2017-005.
For more information about how we handle security issues in Tor, see
our draft policy at:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
best wishes,
--
Nick
More information about the tor-talk
mailing list