移动端 | 加入收藏 | 设为首页 | 我要投稿 | 赞助本站 | RSS
 

freefq.comfree——免费、自由fq——翻墙

困在墙内,请发邮件到freefqcom#gmail.com获得最新免费翻墙方法!
您当前的位置:首页 > 免费翻墙软件

New releases (with security fixes): Tor 0.3.5.14, 0.4.4.8, and 0.4.5.7

时间:2021-04-01  来源:torproject  作者:nickm 条评论

We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.5.7 on the download page. Packages should be available within the next several weeks, with a new Tor Browser coming next week.OqT免费翻墙网

Also today, Tor 0.3.5.14 (changelog) and Tor 0.4.4.8 (changelog) have also been released; you can find them (and source for older Tor releases) at https://dist.torproject.org.OqT免费翻墙网

These releases fix a pair of denial-of-service issues, described below. One of these issues is authority-only.  The other issue affects all Tor instances, and is most damaging on directory authorities and relays.  We recommend that everybody should upgrade to one of these versions once packages are available.OqT免费翻墙网

Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier versions of Tor.OqT免费翻墙网

One of these vulnerabilities (TROVE-2021-001) would allow an attacker who can send directory data to a Tor instance to force that Tor instance to consume huge amounts of CPU. This is easiest to exploit against authorities, since anybody can upload to them, but directory caches could also exploit this vulnerability against relays or clients when they download. The other vulnerability (TROVE-2021-002) only affects directory authorities, and would allow an attacker to remotely crash the authority with an assertion failure. Patches have already been provided to the authority operators, to help ensure network stability.OqT免费翻墙网

We recommend that everybody upgrade to one of the releases that fixes these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available to you.OqT免费翻墙网

This release also updates our GeoIP data source, and fixes a few smaller bugs in earlier releases.OqT免费翻墙网

Changes in version 0.4.5.7 - 2021-03-16

  • Major bugfixes (security, denial of service):
    • Disable the dump_desc() function that we used to dump unparseable information to disk. It was called incorrectly in several places, in a way that could lead to excessive CPU usage. Fixes bug 40286; bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- 001 and CVE-2021-28089.
    • Fix a bug in appending detached signatures to a pending consensus document that could be used to crash a directory authority. Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 and CVE-2021-28090.
  • Minor features (geoip data):
    • We have switched geoip data sources. Previously we shipped IP-to- country mappings from Maxmind's GeoLite2, but in 2019 they changed their licensing terms, so we were unable to update them after that point. We now ship geoip files based on the IPFire Location Database instead. (See https://location.ipfire.org/ for more information). This release updates our geoip files to match the IPFire Location Database as retrieved on 2021/03/12. Closes ticket 40224.

 OqT免费翻墙网

  • Minor bugfixes (directory authority):
    • Now that exit relays don't allow exit connections to directory authority DirPorts (to prevent network reentry), disable authorities' reachability self test on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc.
  • Minor bugfixes (documentation):
    • Fix a formatting error in the documentation for VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha.
  • Minor bugfixes (Linux, relay):
    • Fix a bug in determining total available system memory that would have been triggered if the format of Linux's /proc/meminfo file had ever changed to include "MemTotal:" in the middle of a line. Fixes bug 40315; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (metrics port):
    • Fix a BUG() warning on the MetricsPort for an internal missing handler. Fixes bug 40295; bugfix on 0.4.5.1-alpha.
  • Minor bugfixes (onion service):
    • Remove a harmless BUG() warning when reloading tor configured with onion services. Fixes bug 40334; bugfix on 0.4.5.1-alpha.
  • Minor bugfixes (portability):
    • Fix a non-portable usage of "==" with "test" in the configure script. Fixes bug 40298; bugfix on 0.4.5.1-alpha.
  • Minor bugfixes (relay):
    • Remove a spammy log notice falsely claiming that the IPv4/v6 address was missing. Fixes bug 40300; bugfix on 0.4.5.1-alpha.
    • Do not query the address cache early in the boot process when deciding if a relay needs to fetch early directory information from an authority. This bug resulted in a relay falsely believing it didn't have an address and thus triggering an authority fetch at each boot. Related to our fix for 40300.
  • Removed features (mallinfo deprecated):
    • Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. Closes ticket 40309.
来顶一下
返回首页
返回首页
欢迎评论:免登录,输入验证码即可匿名评论 共有条评论
用户名: 密码:
验证码: 匿名发表

推荐资讯

高速免费VPN Бесплатно ВПН прокси
高速免费VPN Бесп
SpeedUp VPN - 兼容SSR的免费高速VPN(自带节点)
SpeedUp VPN - 兼容SS
VPN Gratis Ilimitado - Brasil, Chile, Argentina
VPN Gratis Ilimitado
苹果手机iphone的iOS版赛风浏览器
苹果手机iphone的iOS版
相关文章
栏目更新
栏目热门
墙外新闻
读者文摘

你可以访问真正的互联网了。You can access the real Internet.

管理员精中特别提醒:本网站域名、主机和管理员都在美国,且本网站内容仅为非中国大陆网友服务。禁止中国大陆网友浏览本站!若中国大陆网友因错误操作打开本站网页,请立即关闭!中国大陆网友浏览本网站存在法律风险,恳请立即关闭本站所有页面!对于您因浏览本站所遭遇的法律问题、安全问题和其他所有问题,本站均无法负责也概不负责。

特别警告:本站推荐各种免费科学上网软件、app和方法,不建议各位网友购买收费账号或服务。若您因付费购买而遭遇骗局,没有得到想要的服务,请把苦水往自己肚子里咽,本站无法承担也概不承担任何责任!

本站严正声明:各位翻墙的网友切勿将本站介绍的翻墙方法运用于违反当地法律法规的活动,本站对网友的遵纪守法行为表示支持,对网友的违法犯罪行为表示反对!

网站管理员定居美国,因此本站所推荐的翻墙软件及翻墙方法都未经测试,发布仅供网友测试和参考,但你懂的——翻墙软件或方法随时有可能失效,因此本站信息具有极强时效性,想要更多有效免费翻墙方法敬请阅读本站最新信息,建议收藏本站!本站为纯粹技术网站,支持科学与民主,支持宗教信仰自由,反对恐怖主义、邪教、伪科学与专制,不支持或反对任何极端主义的政治观点或宗教信仰。有注明出处的信息均为转载文章,转载信息仅供参考,并不表明本站支持其观点或行为。未注明出处的信息为本站原创,转载时也请注明来自本站。

鉴于各种免费翻墙软件甚至是收费翻墙软件可能存在的安全风险及个人隐私泄漏可能,本站提醒各位网友做好各方面的安全防护措施!本站无法对推荐的翻墙软件、应用或服务等进行全面而严格的安全测试,因此无法对其安全性做保证,无法对您因为安全问题或隐私泄漏等问题造成的任何损失承担任何责任!

S. Grand Ave.,Suite 3910,Los Angeles,CA 90071

知识共享许可协议
本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可。