Release of the new stable branch Tor 0.4.6

The release of the Tor 0.4.6.5 toolkit, used to run the anonymous Tor network, has been announced. Tor 0.4.6.5 is recognized as the first stable release of the 0.4.6 branch, which has been in development for the past five months. The 0.4.6 branch will be maintained as part of the regular maintenance cycle: updates will stop after 9 months, or 3 months after the release of the 0.4.7.x branch. Long-term support (LTS) is provided for the 0.3.5 branch, for which updates will be released until February 1, 2022. At the same time, Tor releases 0.3.5.15 and 0.4.4.9 were published, fixing DoS vulnerabilities that could cause a denial of service for clients of onion services and for relays.

Main changes:

  • Added the ability to create onion services based on the third version of the protocol with client access authentication through files in the 'authorized_clients' directory.
  • For relays, a flag has been added that lets the node operator see that the relay was not included in the consensus when the directory servers made their selection (for example, when there are too many relays on one IP address).
  • Congestion information can now be sent in extrainfo data, which can be used for load balancing in the network. Transmission of the metrics is controlled with the OverloadStatistics option in torrc.
  • The ability to limit the intensity of client connections to relays has been added to the DoS attack protection subsystem.
  • Relays now publish statistics on the number of onion services based on the third version of the protocol and on the volume of their traffic.
  • Support for the DirPorts option has been removed from the relay code, as it is not used for this type of node.
  • The code has been refactored. The DoS attack protection subsystem has been moved to the subsys manager.
  • Support for old onion services based on the second version of the protocol, which was declared obsolete a year ago, has been discontinued. Complete removal of the code associated with the second version of the protocol is expected in the fall. The second version of the protocol was developed about sixteen years ago and, because it uses outdated algorithms, cannot be considered secure under modern conditions. Two and a half years ago, in release 0.3.2.9, users were offered the third version of the protocol for onion services, notable for the move to 56-character addresses, more reliable protection against data leaks through directory servers, an extensible modular structure, and the use of the SHA3, ed25519 and curve25519 algorithms instead of SHA1, DH and RSA-1024.
  • Vulnerabilities fixed:
    • CVE-2021-34550 - out-of-bounds memory access beyond the allocated buffer in the code that parses onion service descriptors based on the third version of the protocol. By publishing a specially crafted onion service descriptor, an attacker can crash any client that tries to access that onion service.
    • CVE-2021-34549 - a possible denial-of-service attack on relays. An attacker can build circuits with identifiers that cause collisions in hash functions, and processing them results in heavy CPU load.
    • CVE-2021-34548 - a relay could spoof RELAY_END and RELAY_RESOLVED cells in half-closed streams, which made it possible to terminate a stream that was created without the participation of that relay.
    • TROVE-2021-004 - added extra checks for failures when calling the OpenSSL random number generator (with the default RNG implementation in OpenSSL, such failures do not occur).

    Source: opennet.ru