@@ -3,6 +3,31 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.2.2.38 - 2012-08-12
+ Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
+ fixes a remotely triggerable crash bug; and fixes a timing attack that
+ could in theory leak path information.
+
+ o Security fixes:
+ - Avoid read-from-freed-memory and double-free bugs that could occur
+ when a DNS request fails while launching it. Fixes bug 6480;
+ bugfix on 0.2.0.1-alpha.
+ - Avoid an uninitialized memory read when reading a vote or consensus
+ document that has an unrecognized flavor name. This read could
+ lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
+ - Try to leak less information about what relays a client is
+ choosing to a side-channel attacker. Previously, a Tor client would
+ stop iterating through the list of available relays as soon as it
+ had chosen one, thus finishing a little earlier when it picked
+ a router earlier in the list. If an attacker can recover this
+ timing information (nontrivial but not proven to be impossible),
+ they could learn some coarse-grained information about which relays
+ a client was picking (middle nodes in particular are likelier to
+ be affected than exits). The timing attack might be mitigated by
+ other factors (see bug 6537 for some discussion), but it's best
+ not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
+
+
Changes in version 0.2.2.37 - 2012-06-06
Tor 0.2.2.37 introduces a workaround for a critical renegotiation
bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
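Review bot: The bug 6480 entry under "Security fixes" does not state its impact, while the summary paragraph promises a fix for "a rare race condition that can crash exit relays"; nothing in the entry ties the two together, so an operator reading only the list cannot tell whether this is the exit-relay crash. Suggest naming the impact and the affected role in the entry itself, the way the 6530 entry does with "could lead to a remote crash bug". Separately, the 6537 entry describes only the previous behaviour ("would stop iterating through the list of available relays as soon as it had chosen one") and never says what the client does now; one sentence stating the new behaviour would make it read as a fix description rather than a bug description.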