[tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled
Nick Mathewson
nickm at torproject.org
Mon Sep 18 18:16:56 UTC 2017
On Mon, Sep 18, 2017 at 1:19 PM, Toralf Förster <toralf.foerster at gmx.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 09/18/2017 03:41 PM, Nick Mathewson wrote:
>> This bug can only happen when the SafeLogging option is disabled,
>> and SafeLogging is enabled by default. If you have not disabled
>> SafeLogging, then you should be fine.
>
> Which should not hinder everybody to upgrade, b/c affected relay admins would upgrade soon and therefore expose themself to run hidden services, right ?
>
Relays are not affected. This bug only affects hidden services that
are running on one of the affected versions.
Still, it's probably a good idea for relays to update anyway. There
are other, smaller bugs fixed in every release.
More information about the tor-relays
mailing list