[tor-announce] [RELEASE] Tor security release 0.4.8.10
David Goulet
dgoulet at torproject.org
Fri Dec 8 19:19:48 UTC 2023
Greetings,
We just released 0.4.8.10 fixing a high severity security bug.
https://forum.torproject.org/t/security-release-0-4-8-10/10536
Please upgrade as soon as possible! ChangeLog is below.
Cheers!
David
Changes in version 0.4.8.10 - 2023-12-08
This is a security release fixing a high severity bug (TROVE-2023-007)
affecting Exit relays supporting Conflux. We strongly recommend to update as
soon as possible.
o Major bugfixes (TROVE-2023-007, exit):
- Improper error propagation from a safety check in conflux leg
linking lead to a desynchronization of which legs were part of a
conflux set, ultimately causing a UAF and NULL pointer dereference
crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 08, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/12/08.
o Minor bugfixes (bridges, statistics):
- Correctly report statistics for client count over Pluggable
transport. Fixes bug 40871; bugfix on 0.4.8.4
--
KoiYV0r+s/gBA1mtD5BF4cLB+oko0QSvpdfwKThv3Ko=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20231208/66efe35e/attachment.sig>
More information about the tor-announce
mailing list