Re: [tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs
Dear Nick, I made an attempt to access Tor. The following error message came back. Platform Version '52.1.2 is not compatible with Mini Version >=45.9.0. Max Version <=45.9.0. How do I resolve this issue? Chris. Sent from my iPhone > On Jun 7, 2017, at 11:15 AM, Nick Mathewsonwrote: > > Hi, all! > > Tomorrow we'll be putting out new releases in all supported series > (0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in > the hidden service code. These vulnerabilities allow an attacker to > cause a hidden service to crash with an assertion failure. We believe > that is the only impact. We are tracking these vulnerabilities as > TROVE-2017-004 and TROVE-2017-005. > > For more information about how we handle security issues in Tor, see > our draft policy at: > > https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy > > best wishes, > -- > Nick > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs
On Wed, Jun 7, 2017 at 11:15 AM, Nick Mathewsonwrote: > Hi, all! > > Tomorrow we'll be putting out new releases in all supported series > (0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in > the hidden service code. These vulnerabilities allow an attacker to > cause a hidden service to crash with an assertion failure. We believe > that is the only impact. We are tracking these vulnerabilities as > TROVE-2017-004 and TROVE-2017-005. > > For more information about how we handle security issues in Tor, see > our draft policy at: > > https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy These releases are now available from https://dist.torproject.org/ . They are: 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11, 0.3.0.8, and 0.3.1.3-alpha. It will take a while for the website download page to upgrade, since the system that updates the website tends to get bogged down when there are lots of builders running at once. I'll send out the regular announcements once the download page is up-to-date, since it tends to confuse people when I don't wait for that. If you're running a hidden service, I recommend that you upgrade as soon as a package is available for your system. best wishes, -- Nick -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Upcoming Tor releases tomorrow, to fix Hidden Service remote DoS bugs
Hi, all! Tomorrow we'll be putting out new releases in all supported series (0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in the hidden service code. These vulnerabilities allow an attacker to cause a hidden service to crash with an assertion failure. We believe that is the only impact. We are tracking these vulnerabilities as TROVE-2017-004 and TROVE-2017-005. For more information about how we handle security issues in Tor, see our draft policy at: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy best wishes, -- Nick -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk