Release of new stable branch Tor 0.4.6

The release of Tor 0.4.6.5, the toolkit used to run the anonymous Tor network, has been announced. Version 0.4.6.5 is the first stable release of the 0.4.6 branch, which has been in development for the past five months. The 0.4.6 branch will be maintained under the regular maintenance cycle: updates will be discontinued after 9 months, or 3 months after the release of the 0.4.7.x branch. Long-term support (LTS) is provided for the 0.3.5 branch, for which updates will be published until February 1, 2022. At the same time, Tor 0.3.5.15, 0.4.4.9 and 0.4.5.9 were released, fixing DoS vulnerabilities that could cause denial of service for onion service clients and relays.

Major changes:

  • Added the ability to create version 3 onion services with client access authentication through files in the 'authorized_clients' directory.
  • For relays, a flag has been added that lets the node operator tell when the relay is not being included in the consensus by the directory servers (for example, because too many relays share one IP address).
  • Overload information can now be published in extrainfo data, which can be used for load balancing in the network. Reporting of this metric is controlled by the OverloadStatistics option in torrc.
  • The DoS-protection subsystem can now rate-limit client connections to relays.
  • Relays now publish statistics on the number of version 3 onion services and the volume of their traffic.
  • Support for the DirPort option, which this type of node does not use, has been removed from the relay code.
  • The code has been refactored; the DoS-protection subsystem has been moved under the subsys manager.
  • Support for legacy version 2 onion services, declared obsolete a year ago, has been discontinued; complete removal of the version 2 code is expected in the fall. Version 2 of the protocol was developed about 16 years ago and, because it relies on outdated algorithms, cannot be considered secure by today's standards. Two and a half years ago, in release 0.3.2.9, users were offered version 3 of the onion service protocol, notable for its move to 56-character addresses, stronger protection against data leaks via directory servers, an extensible modular structure, and the use of SHA3, ed25519 and curve25519 instead of SHA1, DH and RSA-1024.
  • Vulnerabilities fixed:
    • CVE-2021-34550: out-of-bounds memory access in the code that parses version 3 onion service descriptors. An attacker who publishes a specially crafted onion service descriptor can crash any client that attempts to access that onion service.
    • CVE-2021-34549: a possible denial-of-service attack on relays. An attacker can build circuits with identifiers that collide in the hash function, and processing them puts a heavy load on the CPU.
    • CVE-2021-34548: a relay could spoof RELAY_END and RELAY_RESOLVED cells on half-closed streams, allowing it to terminate a stream that was created without that relay's participation.
    • TROVE-2021-004: additional checks were added for failures when calling the OpenSSL random number generator (with OpenSSL's default RNG implementation, such failures do not occur).
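
The client-authorization files for version 3 onion services, mentioned in the first item of the list above, are the part of this release an operator is most likely to get wrong by hand. The following Python validator is an added example, not code from the Tor project or from the original article. It assumes the file format documented in the Tor manual page: each server-side file `<HiddenServiceDir>/authorized_clients/<name>.auth` holds one line `descriptor:x25519:<key>`, each client-side file `<ClientOnionAuthDir>/<name>.auth_private` holds `<56-char onion address>:descriptor:x25519:<key>`, and a key is 32 bytes encoded as 52 base32 characters without padding. The sample directory and keys it builds are constructed for the demonstration and are not real credentials.

```python
"""Validate v3 onion-service client-authorization files (added example)."""
import base64
import binascii
import os
import re
import tempfile
from typing import Dict, Optional, Tuple

# A 32-byte key is base32-encoded without padding: 256 bits / 5 = 52 characters.
B32_KEY = re.compile(r"^[A-Z2-7]{52}$")
# A v3 onion address without the ".onion" suffix is 56 base32 characters.
ONION_ADDR = re.compile(r"^[a-z2-7]{56}$")


def encode_key(raw: bytes) -> str:
    """Base32-encode a 32-byte key the way tor writes it (uppercase, no '=')."""
    if len(raw) != 32:
        raise ValueError("x25519 keys are 32 bytes")
    return base64.b32encode(raw).decode("ascii").rstrip("=")


def decode_key(text: str) -> Optional[bytes]:
    """Return the 32 raw key bytes, or None if the key field is malformed."""
    if not B32_KEY.fullmatch(text):
        return None
    try:
        raw = base64.b32decode(text + "====")  # 52 data chars need 4 pad chars
    except binascii.Error:
        return None
    return raw if len(raw) == 32 else None


def parse_auth_line(line: str) -> Optional[bytes]:
    """Server side: 'descriptor:x25519:<key>' -> public key bytes, else None."""
    parts = line.strip().split(":")
    if len(parts) != 3 or parts[0] != "descriptor" or parts[1] != "x25519":
        return None
    return decode_key(parts[2])


def parse_auth_private_line(line: str) -> Optional[Tuple[str, bytes]]:
    """Client side: '<onion>:descriptor:x25519:<key>' -> (onion, private key)."""
    parts = line.strip().split(":")
    if len(parts) != 4 or parts[1] != "descriptor" or parts[2] != "x25519":
        return None
    if not ONION_ADDR.fullmatch(parts[0]):
        return None
    key = decode_key(parts[3])
    return None if key is None else (parts[0], key)


def check_authorized_clients(dirpath: str) -> Dict[str, str]:
    """Report 'ok' or a reason for every file in an authorized_clients directory."""
    report: Dict[str, str] = {}
    for name in sorted(os.listdir(dirpath)):
        if not name.endswith(".auth"):
            report[name] = "skipped: extension is not .auth"
            continue
        with open(os.path.join(dirpath, name), encoding="ascii", errors="replace") as f:
            lines = [ln for ln in f.read().splitlines() if ln.strip()]
        if len(lines) != 1:
            report[name] = "error: expected exactly one non-empty line"
        elif parse_auth_line(lines[0]) is None:
            report[name] = "error: not 'descriptor:x25519:<52-char base32 key>'"
        else:
            report[name] = "ok"
    return report


def demo() -> Dict[str, str]:
    """Build a constructed authorized_clients directory and validate it."""
    good_key = encode_key(bytes(range(32)))  # constructed bytes, not a real key
    with tempfile.TemporaryDirectory() as d:
        files = {
            "alice.auth": f"descriptor:x25519:{good_key}\n",
            "bob.auth": f"descriptor:x25519:{good_key[:-1]}\n",  # truncated key
            "carol.auth": f"descriptor:rsa:{good_key}\n",        # wrong key type
            "notes.txt": "not a client file\n",
        }
        for name, body in files.items():
            with open(os.path.join(d, name), "w") as f:
                f.write(body)
        return check_authorized_clients(d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Point `check_authorized_clients` at a real `authorized_clients` directory to get the same per-file report; the checks are purely syntactic (key type, length and encoding), so a file that passes can still carry the wrong client's key, which only the client-side `.auth_private` pairing can confirm.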

Source: opennet.ru