[tor-commits] [tor/release-0.2.6] releasenotes for 0.2.6.7

nickm at torproject.org
Mon Apr 6 14:03:23 UTC 2015


commit c4e63b6705ce98a857eb341b79790b1440085fde
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Apr 6 09:58:39 2015 -0400

    releasenotes for 0.2.6.7
---
 ReleaseNotes |   28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/ReleaseNotes b/ReleaseNotes
index 57abebf..ff32d96 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -4,6 +4,34 @@ of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
 
+Changes in version 0.2.6.7 - 2015-04-06
+  Tor 0.2.6.7 fixes two security issues that could be used by an
+  attacker to crash hidden services, or crash clients visiting hidden
+  services. Hidden services should upgrade as soon as possible; clients
+  should upgrade whenever packages become available.
+
+  This release also contains two simple improvements to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+    - Decrease the amount of reattempts that a hidden service performs
+      when its rendezvous circuits fail. This reduces the computational
+      cost for running a hidden service under heavy load. Resolves
+      ticket 11447.
+ 
+
 Changes in version 0.2.6.6 - 2015-03-24
   Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
 
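Review bot: the added separator line directly after the ticket 11447 entry is "+ " with a trailing space, while the blank line that follows it is empty; drop the stray space so the file has no whitespace-only line and `git diff --check` stays clean. In the same entry, "Decrease the amount of reattempts" would read better as "Decrease the number of reattempts", since reattempts are counted. The two security entries give the bug numbers (15600, 15601) and the versions that introduced them, which is enough for operators to judge exposure; no change needed there.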




