[tor-talk] Tor is out

Roger Dingledine arma at mit.edu
Fri Oct 26 05:04:02 UTC 2012

Tor fixes two important security vulnerabilities that
could lead to remotely triggerable relay crashes, and fixes
a major bug that was preventing clients from choosing suitable exit

I hope this will be the final release candidate for the 0.2.3 series.
That is, if we don't find any urgent issues, the next release will be
called stable.


(Packages coming eventually, hopefully soon since this is the final
release candidate.)

Changes in version - 2012-10-25
  o Major bugfixes (security):
    - Fix a group of remotely triggerable assertion failures related to
      incorrect link protocol negotiation. Found, diagnosed, and fixed
      by "some guy from France". Fix for CVE-2012-2250; bugfix on
    - Fix a denial of service attack by which any directory authority
      could crash all the others, or by which a single v2 directory
      authority could crash everybody downloading v2 directory
      information. Fixes bug 7191; bugfix on

  o Major bugfixes:
    - When parsing exit policy summaries from microdescriptors, we had
      previously been ignoring the last character in each one, so that
      "accept 80,443,8080" would be treated by clients as indicating
      a node that allows access to ports 80, 443, and 808. That would
      lead to clients attempting connections that could never work,
      and ignoring exit nodes that would support their connections. Now
      clients parse these exit policy summaries correctly. Fixes bug 7192;
      bugfix on

  o Minor bugfixes:
    - Clients now consider the ClientRejectInternalAddresses config option
      when using a microdescriptor consensus stanza to decide whether
      an exit relay would allow exiting to an internal address. Fixes
      bug 7190; bugfix on

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20121026/f626f73f/attachment.pgp>

More information about the tor-talk mailing list