免费SS | 加入收藏 | 设为首页 | 我要投稿 | 赞助本站 | RSS
 

freefq.comfree——免费、自由fq——翻墙

困在墙内,请发邮件到freefqcom#gmail.com获得最新免费翻墙方法!
您当前的位置:首页 > 免费翻墙软件

Tor 0.3.2.6-alpha is released

←分享
时间:2017-12-04  来源:torproject  作者: nickm ★推荐请点击G+1→

原题:Tor 0.3.2.6-alpha is released, with security updatesvY6免费翻墙网

This version of Tor is the latest in the 0.3.2 alpha series. It includes fixes for several important security issues. All Tor users should upgrade to this release, or to one of the other releases coming out today. (The next announcement will be about the stable releases.)

You can download the source from the usual place on the website. Binary packages should be available soon.vY6免费翻墙网

These releases fix the following security bugs. For more informationvY6免费翻墙网
on each one, see the links fromvY6免费翻墙网
https://trac.torproject.org/projects/tor/wiki/TROVEvY6免费翻墙网

TROVE-2017-009: Replay-cache ineffective for v2 onion servicesvY6免费翻墙网
TROVE-2017-010: Remote DoS attack against directory authoritiesvY6免费翻墙网
TROVE-2017-011: An attacker can make Tor ask for a passwordvY6免费翻墙网
TROVE-2017-012: Relays can pick themselves in a circuit pathvY6免费翻墙网
TROVE-2017-013: Use-after-free in onion service v2vY6免费翻墙网

Changes in version 0.3.2.6-alpha - 2017-12-01

  • Major bugfixes (security):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor's legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, onion service v2):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.

 vY6免费翻墙网

  • Major bugfixes (security, relay):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Minor feature (relay statistics):
    • Change relay bandwidth reporting stats interval from 4 hours to 24 hours in order to reduce the efficiency of guard discovery attacks. Fixes ticket 23856.
  • Minor features (directory authority):
    • Add an IPv6 address for the "bastet" directory authority. Closes ticket 24394.
  • Minor bugfixes (client):
    • By default, do not enable storage of client-side DNS values. These values were unused by default previously, but they should not have been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.

来自https://blog.torproject.org/tor-0326-alpha-released-security-updatesvY6免费翻墙网

顶一顶请点击右边G+1

分享到:

来顶一下
返回首页
返回首页
欢迎评论:免登录,输入验证码即可匿名评论 共有条评论
用户名: 密码:
验证码: 匿名发表

推荐资讯

Xndroid:基于XX-Net与fqrouter的代理软件
Xndroid:基于XX-Net与
VPN Turbo免费无限流量VPN代理网络加速器
VPN Turbo免费无限流量
翻墙利器蓝灯Lantern更新至3.7.6
翻墙利器蓝灯Lantern更
翻墙神器萤火虫代理firefly-proxy最新版
翻墙神器萤火虫代理fi
相关文章
栏目更新
栏目热门

翻越防火长城,你可以到达世界上的每一个角落!

Across the Great Firewall, you can reach every corner in the world!

特别提醒:本站域名、主机和管理员都在美国,中国大陆人民浏览本站存在法律风险,请立即关闭本站所有页面!对于您因浏览本站所遭遇的法律问题和其他所有问题,本站均无法负责也概不负责。

本站严正声明:各位翻墙的网友切勿将本站介绍的翻墙方法运用于违反当地法律法规的活动,本站对网友的遵纪守法行为表示支持,对网友的违法犯罪行为表示反对!

网站管理员定居美国,因此本站所发的翻墙软件及翻墙方法都未经测试,发布仅供网友测试和参考,但你懂的——翻墙软件或方法随时有可能失效,因此本站信息具有极强时效性,想要更多有效免费翻墙方法敬请阅读本站最新信息,建议收藏本站!本站为纯粹技术网站,支持科学与民主,支持宗教信仰自由,反对恐怖主义、邪教、伪科学与专制,不支持或反对任何极端主义的政治观点或宗教信仰。有注明出处的信息均为转载文章,转载信息仅供参考,并不表明本站支持其观点或行为。未注明出处的信息为本站原创,转载时也请注明来自本站。

鉴于各种免费翻墙软件甚至是收费翻墙软件可能存在的安全风险及个人隐私泄漏可能,本站提醒各位网友做好各方面的安全防护措施!本站无法对提供的翻墙软件、应用或服务等进行全面而严格的安全测试,因此无法对其安全性做保证,无法对您因为安全问题或隐私泄漏等问题造成的任何损失承担任何责任!

650 Castro Street, Suite 120-219 Mountain View, CA, USA, 94041

知识共享许可协议
本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可。