New stable branch of Tor 0.4.6 released

Tor 0.4.6.5, the toolkit used to run the anonymous Tor network, has been released. Tor 0.4.6.5 is the first stable release of the 0.4.6 branch, which has been under development for the past five months. The 0.4.6 branch will be maintained under the regular maintenance cycle: updates stop after 9 months, or 3 months after the release of the 0.4.7.x branch. Long-term support (LTS) is provided for the 0.3.5 branch, which will receive updates until February 1, 2022. At the same time, Tor 0.3.5.15, 0.4.4.9 and 0.4.5.9 were released; they fix DoS vulnerabilities that could cause denial of service for onion service clients and for relays.

Babban canje-canje:

  • Added the ability to create onion services based on the third version of the protocol with client access authorization, configured through files in the 'authorized_clients' directory.
  • For relays, a flag was added that lets the node operator see that the relay was not included in the consensus when the directory authorities voted (for example, when too many relays share a single IP address).
  • Overload metrics can now be published in extrainfo descriptors, where they can be used for load balancing in the network. Publication of the metrics is controlled by the OverloadStatistics option in torrc.
  • Added the ability to rate-limit client connections to relays as part of the DoS protection subsystem.
  • Relays now publish statistics on the number of onion services based on the third version of the protocol that they see and on the volume of their traffic.
  • Support for the DirPort option was removed from the bridge code, since it was never used for such nodes.
  • Code refactoring: the DoS protection subsystem was moved under the subsystem manager.
  • Support for legacy onion services based on the second version of the protocol, which was declared deprecated a year ago, has been disabled. Complete removal of the code related to the second protocol version is expected in the fall. The second protocol version was developed about 16 years ago and, because of its use of outdated algorithms, can no longer be considered secure under modern conditions. In January 2018, with release 0.3.2.9, users were offered the third version of the onion service protocol, notable for its switch to 56-character addresses, stronger protection against information leaks through directory servers, a more modular design, and the use of SHA3, ed25519 and curve25519 in place of SHA1, DH and RSA-1024.
  • Fixed vulnerabilities:
    • CVE-2021-34550: out-of-bounds memory access in the code that parses onion service descriptors for the third version of the protocol. An attacker who publishes a specially crafted onion service descriptor can crash any client that tries to reach that onion service.
    • CVE-2021-34549: possible denial of service against relays. An attacker can create circuits whose identifiers collide in the hash table, and processing them puts a heavy load on the CPU.
    • CVE-2021-34548: a relay could spoof RELAY_END and RELAY_RESOLVED cells on half-closed streams, which made it possible to terminate a stream that was created without that relay's participation.
    • TROVE-2021-004: added additional checks for failures when calling the OpenSSL random number generator (with the default RNG implementation in OpenSSL such failures do not occur).

    source: budenet.ru
