commit 2d47cb984d0f882e9347f8e7ebcac5723c94337e
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Tue Mar 17 15:37:34 2020 -0400
fold in changelog and blurb for trove-2020-002
---
ChangeLog | 40 ++++++++++++++++++++++++++++++++--------
changes/ticket33119 | 8 --------
2 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9c8fecfef..98c3d01ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,35 @@
Changes in version 0.4.3.3-alpha - 2020-03-??
- blurb here.
+ Tor 0.4.3.3-alpha fixes several bugs in previous releases, including
+ TROVE-2020-002, a major denial-of-service vulnerability that affected
+ all released Tor instances since 0.2.1.5-alpha. Using this
+ vulnerability, an attacker could cause Tor instances to consume a huge
+ amount of CPU, disrupting their operations for several seconds or
+ minutes. This attack could be launched by anybody against a relay, or
+ by a directory cache against any client that had connected to it. The
+ attacker could launch this attack as much as they wanted, thereby
+ disrupting service or creating patterns that could aid in traffic
+ analysis. This issue was found by OSS-Fuzz, and is also tracked
+ as CVE-2020-10592.
+
+ We do not have reason to believe that this attack is currently being
+ exploited in the wild, but nonetheless we advise everyone to upgrade
+ as soon as packages are available.
+
+ o Major bugfixes (security, denial-of-service):
+ - Fix a denial-of-service bug that could be used by anyone to
+ consume a bunch of CPU on any Tor relay or authority, or by
+ directories to consume a bunch of CPU on clients or hidden
+ services. Because of the potential for CPU consumption to
+ introduce observable timing patterns, we are treating this as a
+ high-severity security issue. Fixes bug 33119; bugfix on
+ 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
+ as TROVE-2020-002 and CVE-2020-10592.
o Major bugfixes (circuit padding, memory leak):
- Avoid a remotely triggered memory leak in the case that a circuit
padding machine is somehow negotiated twice on the same circuit.
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
- This is also tracked as TROVE-2020-004.
+ This is also tracked as TROVE-2020-004 and CVE-2020-10593.
o Major bugfixes (directory authority):
- Directory authorities will now send a 503 (not enough bandwidth)
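Review bot: The new blurb at the top of this hunk names only TROVE-2020-002 / CVE-2020-10592, but the same hunk assigns CVE-2020-10593 to the "remotely triggered memory leak" entry (TROVE-2020-004) under Major bugfixes. Operators who read only the blurb will not learn that a second CVE is fixed in this release, so consider adding one sentence to the blurb that mentions it. The header line also still carries the placeholder date "2020-03-??", which needs a real date before release.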
@@ -44,18 +68,18 @@ Changes in version 0.4.3.3-alpha - 2020-03-??
- Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
on 0.3.2.2-alpha.
- o Minor bugfixes (onion services v3):
- - Fix an assertion failure that could result from a corrupted
- ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
- bugfix on 0.3.3.1-alpha. This issue is also tracked
- as TROVE-2020-003.
-
o Minor bugfixes (onion service v3, client):
- Remove a BUG() warning that would cause a stack trace if an onion
service descriptor was freed while we were waiting for a
rendezvous circuit to complete. Fixes bug 28992; bugfix
on 0.3.2.1-alpha.
+ o Minor bugfixes (onion services v3):
+ - Fix an assertion failure that could result from a corrupted
+ ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
+ bugfix on 0.3.3.1-alpha. This issue is also tracked
+ as TROVE-2020-003.
+
o Documentation (manpage):
- Alphabetize the Server and Directory server sections of the tor
manpage. Also split Statistics options into their own section of
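Review bot: The relocated section is titled "Minor bugfixes (onion services v3)" while the section it now follows is "Minor bugfixes (onion service v3, client)". The two headings differ only in singular versus plural, so consider unifying the wording so that related onion service entries group under consistent titles. TROVE-2020-003 in the moved entry is also the only TROVE item visible in this diff without a CVE identifier; if one has been assigned, adding it here would match the TROVE-2020-002 and TROVE-2020-004 entries.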
diff --git a/changes/ticket33119 b/changes/ticket33119
deleted file mode 100644
index 11c20bc7a..000000000
--- a/changes/ticket33119
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (security, denial-of-service):
- - Fix a denial-of-service bug that could be used by anyone to consume a
- bunch of CPU on any Tor relay or authority, or by directories to
- consume a bunch of CPU on clients or hidden services. Because
- of the potential for CPU consumption to introduce observable
- timing patterns, we are treating this as a high-severity security
- issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking
- this issue as TROVE-2020-002.
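Review bot: The entry folded into ChangeLog is not a verbatim copy of this deleted file: the ChangeLog version adds "Found by OSS-Fuzz" and "and CVE-2020-10592", neither of which appears in the text removed here. Because the changes file is deleted in the same commit, those additions exist only in ChangeLog. Mention the wording change in the commit message so that anyone reusing the changes-file text elsewhere knows to pick up the credit and the CVE number.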