mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
11 lines
534 B
Plaintext
11 lines
534 B
Plaintext
o Major bugfixes (security):
|
|
- When checking for replays in the INTRODUCE1 cell data for a (legacy)
|
|
hiddden service, correctly detect replays in the RSA-encrypted part of
|
|
the cell. We were previously checking for replays on the entire cell,
|
|
but those can be circumvented due to the malleability of Tor's legacy
|
|
hybrid encryption. This fix helps prevent a traffic confirmation
|
|
attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
|
|
tracked as TROVE-2017-009 and CVE-2017-8819.
|
|
|
|
|