aboutsummaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
Diffstat (limited to 'changes')
-rw-r--r--changes/issue-2011-10-19L28
-rw-r--r--changes/issue-2011-10-23G9
2 files changed, 37 insertions, 0 deletions
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
new file mode 100644
index 000000000..b879c9d40
--- /dev/null
+++ b/changes/issue-2011-10-19L
@@ -0,0 +1,28 @@
+ o Security fixes:
+
+ - Don't send TLS certificate chains on outgoing OR connections
+ from clients and bridges. Previously, each client or bridge
+ would use a single cert chain for all outgoing OR connections
+ for up to 24 hours, which allowed any relay connected to by a
+ client or bridge to determine which entry guards it is using.
+ This is a potential user-tracing bug for *all* users; everyone
+ who uses Tor's client or hidden service functionality should
+ upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
+ frosty_un.
+
+ - Don't use any OR connection on which we have received a
+ CREATE_FAST cell to satisfy an EXTEND request. Previously, we
+ would not consider whether a connection appears to be from a
+ client or bridge when deciding whether to use that connection to
+ satisfy an EXTEND request. Mitigates CVE-2011-2768, by
+ preventing an attacker from determining whether an unpatched
+ client is connected to a patched relay. Bugfix on FIXME; found
+ by frosty_un.
+
+ - Don't assign the Guard flag to relays running a version of Tor
+ which would use an OR connection on which it has received a
+ CREATE_FAST cell to satisfy an EXTEND request. Mitigates
+ CVE-2011-2768, by ensuring that clients will not connect
+ directly to any relay which an attacker could probe for an
+ unpatched client's connections.
+
diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G
new file mode 100644
index 000000000..45f86754f
--- /dev/null
+++ b/changes/issue-2011-10-23G
@@ -0,0 +1,9 @@
+ o Security fixes:
+
+ - Reject CREATE and CREATE_FAST cells on outgoing OR connections
+ from a bridge to a relay. Previously, we would accept them and
+ handle them normally, thereby allowing a malicious relay to
+ easily distinguish bridges which connect to it from clients.
+ Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were
+ implemented; found by frosty_un.
+
generated by cgit v1.2.3 (git 2.25.4) at 2024-10-04 01:01:22 +0000