Changelog and blurb for 0.2.3.10-alpha
parent
e402edd960
commit
a7b5e72463
29
ChangeLog
|
@ -1,5 +1,30 @@
|
||||||
Changes in version 0.2.3.10-alpha - 201?-??-??
|
Changes in version 0.2.3.10-alpha - 2011-12-16
|
||||||
|
Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in Tor's
|
||||||
|
buffers code. Absolutely everybody should upgrade.
|
||||||
|
|
||||||
|
The bug relied on an incorrect calculation when making data continuous
|
||||||
|
in one of our IO buffers, if the first chunk of the buffer was
|
||||||
|
misaligned by just the wrong amount. The miscalculation would allow an
|
||||||
|
attacker to overflow a piece of heap-allocated memory. To mount this
|
||||||
|
attack, the attacker would need to either open a SOCKS connection to
|
||||||
|
Tor's SocksPort (usually restricted to localhost), or target a Tor
|
||||||
|
instance configured to make its connections through a SOCKS proxy
|
||||||
|
(which Tor does not do by default).
|
||||||
|
|
||||||
|
Good security practice requires that all heap-overflow bugs should be
|
||||||
|
presumed to be exploitable until proven otherwise, so we are treating
|
||||||
|
this as a potential code execution attack. Please upgrade immediately!
|
||||||
|
This bug does not affect bufferevents-based builds of Tor. Special
|
||||||
|
thanks to "Vektor" for reporting this issue to us!
|
||||||
|
|
||||||
|
This release also contains a few minor bugfixes for issues
|
||||||
|
discovered in 0.2.3.9-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Fix a heap overflow bug that could occur when trying to pull
|
||||||
|
data into the first chunk of a buffer, when that chunk had
|
||||||
|
already had some data drained from it. Fixes CVE-2011-2778;
|
||||||
|
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
|
||||||
|
|
||||||
o Minor bugfixes:
|
o Minor bugfixes:
|
||||||
- If we can't attach streams to a rendezvous circuit when we
|
- If we can't attach streams to a rendezvous circuit when we
|
||||||
|
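Review bot: In the release blurb at the top of the 0.2.3.10-alpha section, the CVE identifier and the affected version range are missing; both appear only further down, in the Major bugfixes entry ("Fixes CVE-2011-2778; bugfix on 0.2.0.16-alpha"). Packagers and operators often read or quote only the blurb, so consider naming CVE-2011-2778 in its first sentence and stating that the bug dates back to 0.2.0.16-alpha. The blurb's statement that bufferevents-based builds are not affected could also be repeated in the bugfix entry, so that the two descriptions agree on scope.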
@ -11,8 +36,6 @@ Changes in version 0.2.3.10-alpha - 201?-??-??
|
||||||
Bugfix on 0.2.3.3-alpha; fixes bug 4655.
|
Bugfix on 0.2.3.3-alpha; fixes bug 4655.
|
||||||
- Fix compilation of the libnatpmp helper on non-Windows. Bugfix on
|
- Fix compilation of the libnatpmp helper on non-Windows. Bugfix on
|
||||||
0.2.3.9-alpha; fixes bug 4691. Reported by Anthony G. Basile.
|
0.2.3.9-alpha; fixes bug 4691. Reported by Anthony G. Basile.
|
||||||
|
|
||||||
o Minor bugfixes:
|
|
||||||
- Fix an assertion failure when a relay with accounting enabled
|
- Fix an assertion failure when a relay with accounting enabled
|
||||||
starts up while dormant. Fixes bug 4702; bugfix on
|
starts up while dormant. Fixes bug 4702; bugfix on
|
||||||
0.2.3.9-alpha.
|
0.2.3.9-alpha.
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
|
|
||||||
o Major bugfixes:
|
|
||||||
- Fix a heap overflow bug that could occur when trying to pull
|
|
||||||
data into the first chunk of a buffer, when that chunk had
|
|
||||||
already had some data drained from it. Fixes CVE-2011-2778;
|
|
||||||
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
|
|
||||||
|
|