Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug6252_again | 11
-rw-r--r-- | changes/bug6530 | 5
-rw-r--r-- | changes/pathsel-BUGGY-a | 14
3 files changed, 30 insertions, 0 deletions
diff --git a/changes/bug6252_again b/changes/bug6252_again new file mode 100644 index 000000000..f7fd00cb3 --- /dev/null +++ b/changes/bug6252_again @@ -0,0 +1,11 @@ + o Security fixes: + - Tear down the circuit if we get an unexpected SENDME cell. Clients + could use this trick to make their circuits receive cells faster + than our flow control would have allowed, or to gum up the network, + or possibly to do targeted memory denial-of-service attacks on + entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor -- + from July 2002, before the release of Tor 0.0.0. We had committed + this patch previously, but we had to revert it because of bug 6271. + Now that 6271 is fixed, this appears to work. + + diff --git a/changes/bug6530 b/changes/bug6530 new file mode 100644 index 000000000..825bbb752 --- /dev/null +++ b/changes/bug6530 @@ -0,0 +1,5 @@ + o Major security fixes: + - Avoid a read of uninitializd RAM when reading a vote or consensus + document with an unrecognized flavor name. This could lead to a + remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha. + diff --git a/changes/pathsel-BUGGY-a b/changes/pathsel-BUGGY-a new file mode 100644 index 000000000..2e642c795 --- /dev/null +++ b/changes/pathsel-BUGGY-a 
@@ -0,0 +1,14 @@ + o Security fixes: + + - Try to leak less information about what relays a client is + choosing to a side-channel attacker. Previously, a Tor client + would stop iterating through the list of available relays as + soon as it had chosen one, thus finishing a little earlier + when it picked a router earlier in the list. If an attacker + can recover this timing information (nontrivial but not + proven to be impossible), they could learn some coarse- + grained information about which relays a client was picking + (middle nodes in particular are likelier to be affected than + exits). The timing attack might be mitigated by other factors + (see bug #6537 for some discussion), but it's best not to + take chances. Fixes bug 6537; bugfix on 0.0.8rc1. |
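Review bot: In changes/bug6252_again, the closing sentences ("We had committed this patch previously, but we had to revert it because of bug 6271. Now that 6271 is fixed, this appears to work.") put revert history and a hedged test result into a security-fix changelog entry. That belongs in the commit message; the entry reads more clearly if it ends at the "Fixes bug 6252. Bugfix on ..." sentence, or states plainly that the earlier attempt was reverted because of bug 6271. "The 54th commit on Tor" is also hard to look up without a commit id next to it, and the two trailing blank lines at the end of the file can be dropped.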
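Review bot: In changes/bug6530, "uninitializd" on the first line of the entry is a typo for "uninitialized". It will be copied into the release notes as written, and it defeats a text search for the word. The next sentence, "This could lead to a remote crash bug", would also be tighter as "This could lead to a remote crash", since the uninitialized read is the bug and the crash is its effect.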
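Review bot: The file name changes/pathsel-BUGGY-a does not follow the bug-number naming of the other two files in this change (changes/bug6252_again, changes/bug6530), although the entry ends with "Fixes bug 6537". Naming it changes/bug6537 would make it findable by bug number and drop the "BUGGY" marker, which reads as a work-in-progress label. Within the entry, the break in "coarse-" / "grained" will come out as "coarse- grained" if the text is re-wrapped, so keep "coarse-grained" on one line. The blank line after "o Security fixes:" is also absent from the other two entries.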