[tor-talk] Upcoming Tor security releases to fix a denial-of-service issue
hack3rcon at yahoo.com
hack3rcon at yahoo.com
Wed Mar 18 13:26:37 UTC 2020
Please fix Orbot.
On Monday, March 16, 2020, 08:56:25 PM GMT+3:30, Nick Mathewson <nickm at torproject.org> wrote:
Hello!
Some time this week, we currently plan to put out a set of security
updates for all supported versions of Tor. These releases will fix a
pair of denial-of-service bugs: one that we are classifying at "low"
severity, and one that we are classifying at "high" severity.
Our recommendation will be for everybody, including relays and
clients, to upgrade once packages are available for their platforms.
Although these vulnerabilities are "only" denial-of-service issues,
any denial-of-service attack against Tor could be leveraged by an
attacker to aid in a traffic analysis attack.
To the best of our knowledge, these vulnerabilities are not being
exploited in the wild.
Currently supported release series are 0.3.5, 0.4.1, 0.4.2, and 0.4.3
(alpha). If you have not yet upgraded to one of those, the time to do
so is soon.
For our policy and process for handing security issues, please see:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
best wishes,
--
Nick
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
More information about the tor-talk
mailing list