All users should update as soon as possible!
A new version of the popular Tor software that enables anonymous communication between computers around the world was released today, April 7, in order to fix two security issues discovered in the previous versions.
Tor 0.2.6.7 is a very important update, as it fixes two security issues that an attacker could use to crash either hidden services or the clients visiting them.
The first fix addresses an issue that allowed a malicious client to halt a hidden service by triggering an assertion failure. The second addresses a bug that could cause a client to crash with an assertion failure when it parsed a malformed hidden service descriptor.
Hidden services are now less vulnerable to DoS attacks
With Tor 0.2.6.7, hidden services are now less vulnerable to DoS (Denial-of-Service) attacks, thanks to a few small modifications to the source code. The new improvements are called DoS-resistance for hidden services.
Specifically, multiple INTRODUCE1 cells are no longer allowed to arrive on the same circuit. The restriction has been implemented in the introduction points and should make it harder for attackers to overwhelm hidden services with introductions.
Additionally, the number of reattempts performed by a hidden service when its rendezvous circuits fail has been decreased in the new Tor version, reducing the computational cost of running hidden services under heavy load.
Both hidden services and clients are urged to update immediately
The developers warn all hidden services to upgrade their Tor installation to the new 0.2.6.7 version as soon as possible. Clients are also urged to update to Tor 0.2.6.7 as soon as the package arrives in the default channels of their operating systems.
Download Tor 0.2.6.7 right now from Softpedia or directly from the official website of the project, where you can also find more details about Tor and other related software, such as Tor Browser.