ChangeLog for 0.2.6.7

This commit is contained in:
Nick Mathewson 2015-04-06 09:37:36 -04:00
parent 164c8349fb
commit a5df309d89
5 changed files with 27 additions and 18 deletions

View File

@ -1,3 +1,30 @@
Changes in version 0.2.6.7 - 2015-04-06
Tor 0.2.6.7 fixes two security issues that could be used by an
attacker to crash hidden services, or crash clients visiting hidden
services. Hidden services should upgrade as soon as possible; clients
should upgrade whenever packages become available.
This release also contains two simple improvements to make hidden
services a bit less vulnerable to denial-of-service attacks.
o Major bugfixes (security, hidden service):
- Fix an issue that would allow a malicious client to trigger an
assertion failure and halt a hidden service. Fixes bug 15600;
bugfix on 0.2.1.6-alpha. Reported by "skruffy".
- Fix a bug that could cause a client to crash with an assertion
failure when parsing a malformed hidden service descriptor. Fixes
bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
o Minor features (DoS-resistance, hidden service):
- Make it harder for attackers to overwhelm hidden services with
introductions, by blocking multiple introduction requests on the
same circuit. Resolves ticket #15515.
- Decrease the amount of reattempts that a hidden service is willing
to perform when its rendezvous circuits fail. This reduces the
computational cost for hidden service under heavy load. Resolves
ticket #11447.
Changes in version 0.2.6.6 - 2015-03-24
Tor 0.2.6.6 is the first stable release in the 0.2.6 series.

View File

@ -1,5 +0,0 @@
o Minor features (DoS-resistance):
- Decrease the amount of reattempts that a hidden service is
willing to perform when its rendezvous circuits fail. This
reduces the computational cost for hidden service under heavy
load. Resolves ticket #11447.

View File

@ -1,4 +0,0 @@
o Minor features (DoS-resistance):
- Make it harder for attackers to overwhelm hidden services with
introductions, by blocking multiple introduction requests on the
same circuit. Resolves ticket #15515.

View File

@ -1,5 +0,0 @@
o Major bugfixes (security, hidden service):
- Fix an issue that would allow a malicious client to trigger
an assertion failure and halt a hidden service. Fixes
bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".

View File

@ -1,4 +0,0 @@
o Major bugfixes (security, hidden service):
- Fix a bug that could cause a client to crash with an assertion
failure when parsing a malformed hidden service descriptor.
Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".