Re: [tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs

[T]

Dear Nick,
I made an attempt to access Tor. The following error message came back. 
Platform Version '52.1.2 is not compatible with Mini Version >=45.9.0. Max 
Version <=45.9.0. How do I resolve this issue?
Chris. 

Sent from my iPhone 

> On Jun 7, 2017, at 11:15 AM, Nick Mathewson  wrote:
> 
> Hi, all!
> 
> Tomorrow we'll be putting out new releases in all supported series
> (0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
> the hidden service code. These vulnerabilities allow an attacker to
> cause a hidden service to crash with an assertion failure.  We believe
> that is the only impact.  We are tracking these vulnerabilities as
> TROVE-2017-004 and TROVE-2017-005.
> 
> For more information about how we handle security issues in Tor, see
> our draft policy at:
>
> https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
> 
> best wishes,
> -- 
> Nick
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs

[Nick Mathewson]

On Wed, Jun 7, 2017 at 11:15 AM, Nick Mathewson  wrote:
> Hi, all!
>
> Tomorrow we'll be putting out new releases in all supported series
> (0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
> the hidden service code. These vulnerabilities allow an attacker to
> cause a hidden service to crash with an assertion failure.  We believe
> that is the only impact.  We are tracking these vulnerabilities as
> TROVE-2017-004 and TROVE-2017-005.
>
> For more information about how we handle security issues in Tor, see
> our draft policy at:
> 
> https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy

These releases are now available from https://dist.torproject.org/ .
They are: 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11,
0.3.0.8, and 0.3.1.3-alpha.

It will take a while for the website download page to upgrade, since
the system that updates the website tends to get bogged down when
there are lots of builders running at once.  I'll send out the regular
announcements once the download page is up-to-date, since it tends to
confuse people when I don't wait for that.

If you're running a hidden service, I recommend that you upgrade as
soon as a package is available for your system.

best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs

[Nick Mathewson]

Hi, all!

Tomorrow we'll be putting out new releases in all supported series
(0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
the hidden service code. These vulnerabilities allow an attacker to
cause a hidden service to crash with an assertion failure.  We believe
that is the only impact.  We are tracking these vulnerabilities as
TROVE-2017-004 and TROVE-2017-005.

For more information about how we handle security issues in Tor, see
our draft policy at:

https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy

best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk