gyaran gyare-gyare na kayan aikin Tor (0.3.5.11, 0.4.2.8, 0.4.3.6 da 4.4.2-alpha), ana amfani da su don tsara aikin cibiyar sadarwar Tor. An kawar da su a cikin sababbin iri (CVE-2020-15572), lalacewa ta hanyar samun damar ƙwaƙwalwar ajiya a waje da iyakokin da aka keɓe. Rashin lahani yana ba da damar maharan nesa don haifar da tsarin tor ya fadi. Matsalar tana bayyana ne kawai lokacin gini tare da ɗakin karatu na NSS (ta tsohuwa, an gina Tor tare da OpenSSL, kuma amfani da NSS yana buƙatar ƙayyadaddun tutar “-enable-nss”).
bugu da žari shirin dakatar da goyan bayan siga na biyu na ka'idar sabis na albasa (wanda ake kira ayyukan ɓoye a baya). Shekara daya da rabi da suka wuce, a cikin saki 0.3.2.9, masu amfani sun yi sigar na uku na ka'idar don sabis na albasa, sananne don canzawa zuwa adiresoshin haruffa 56, ƙarin amintaccen kariya daga leaks bayanai ta hanyar sabar directory, ingantaccen tsari da amfani da SHA3, ed25519 da curve25519 algorithms maimakon SHA1, DH da Saukewa: RSA-1024.
An haɓaka sigar yarjejeniya ta biyu kimanin shekaru 15 da suka gabata kuma, saboda amfani da tsoffin algorithms, ba za a iya ɗaukar lafiya a yanayin zamani ba. Yin la'akari da ƙarewar tallafi na tsofaffin rassan, a halin yanzu kowane ƙofar Tor na yanzu yana goyan bayan siga na uku na yarjejeniya, wanda aka bayar ta tsohuwa lokacin ƙirƙirar sabbin sabis na albasa.
A ranar 15 ga Satumba, 2020, Tor zai fara gargadin masu aiki da abokan ciniki game da lalata sigar yarjejeniya ta biyu. A ranar 15 ga Yuli, 2021, za a cire goyan bayan sigar yarjejeniya ta biyu daga ma'auni, kuma a ranar 15 ga Oktoba, 2021, za a sake sakin sabon barga na Tor ba tare da goyan bayan tsohuwar yarjejeniya ba. Don haka, masu tsohon sabis na albasa suna da watanni 16 don canzawa zuwa sabon sigar yarjejeniya, wanda ke buƙatar samar da sabon adireshi mai haruffa 56 don sabis ɗin.
source: budenet.ru