Skip to content

Tor 0.2.2.38 released

19. Aug 2012

As you know from yesterday Tor 0.2.2.38 was released and an updated TorBrowserBundle was released.

The change-log has been posted on the official channels and there was time to update. Please note that the latest RC for the “unstable” branch contains these fixes already.

Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
fixes a remotely triggerable crash bug; and fixes a timing attack that
could in theory leak path information.

https://www.torproject.org/download/download

Changes in version 0.2.2.38 – 2012-08-12
o Security fixes:
– Avoid read-from-freed-memory and double-free bugs that could occur
when a DNS request fails while launching it. Fixes bug 6480;
bugfix on 0.2.0.1-alpha.
– Avoid an uninitialized memory read when reading a vote or consensus
document that has an unrecognized flavor name. This read could
lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
– Try to leak less information about what relays a client is
choosing to a side-channel attacker. Previously, a Tor client would
stop iterating through the list of available relays as soon as it
had chosen one, thus finishing a little earlier when it picked
a router earlier in the list. If an attacker can recover this
timing information (nontrivial but not proven to be impossible),
they could learn some coarse-grained information about which relays
a client was picking (middle nodes in particular are likelier to
be affected than exits). The timing attack might be mitigated by
other factors (see bug 6537 for some discussion), but it’s best
not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.

It is believed that “leaking information by a side-channel” is difficult in the above case. There should be enough noise to avoid revealing timing information. It was fixed to be sure that it can’t hurt anonymity if the assumption turns out to be wrong.

Advertisements

From → General

Comments are closed.

%d bloggers like this: