Release of the new stable Tor 0.4.6 branch

Tor 0.4.6.5, the toolkit used to run the anonymous Tor network, has been released. Version 0.4.6.5 is recognized as the first stable release of the 0.4.6 branch, which has been in development for the past five months. The 0.4.6 branch will be maintained under the regular maintenance cycle: updates will stop 9 months after release, or 3 months after the 0.4.7.x branch ships. Long-term support (LTS) is provided for the 0.3.5 branch, which will receive updates until February 1, 2022. At the same time, Tor 0.3.5.15, 0.4.4.9 and 0.4.5.9 were released; they fix DoS vulnerabilities that could cause denial of service to onion service clients and relays.

Main changes:

  • Added the ability to create onion services based on the third version of the protocol with client access authentication via files in the 'authorized_clients' directory.
  • For relays, a flag has been added that lets the node operator see that the relay was not included in the consensus by the directory authorities (for example, when there are too many relays on a single IP address).
  • Overload information can now be reported in extrainfo data, which can be used to balance load across the network. Reporting of this metric is controlled by the OverloadStatistics option in torrc.
  • The DoS protection subsystem gained the ability to rate-limit client connections to relays.
  • Relays now publish statistics on the number of third-generation (v3) onion services and the volume of their traffic.
  • Support for the DirPorts option, which was never used by this type of node, has been removed from the relay code.
  • Code refactoring: the DoS protection subsystem has been moved under the subsys manager.
  • Support for legacy onion services based on the second version of the protocol, which was declared obsolete last year, has been discontinued. Complete removal of the v2 code is expected in the autumn. The second version of the protocol was designed about 16 years ago and, because it relies on outdated algorithms, can no longer be considered secure under today's conditions. Two and a half years ago, in release 0.3.2.9, users were offered the third version of the onion service protocol, notable for its move to 56-character addresses, more reliable protection against data leakage through directory servers, an extensible modular structure, and the use of the SHA3, ed25519 and curve25519 algorithms in place of SHA1, DH and RSA-1024.
  • Vulnerabilities fixed:
    • CVE-2021-34550: an out-of-bounds memory read in the code that parses v3 onion service descriptors. An attacker who sets up a specially crafted onion service can crash any client that attempts to connect to it.
    • CVE-2021-34549: a possible denial-of-service attack on relays. An attacker can create circuits whose identifiers collide in the hash functions used, and processing them leads to heavy CPU load.
    • CVE-2021-34548: a relay could spoof RELAY_END and RELAY_RESOLVED cells on half-closed streams, allowing it to terminate a stream that was created without this relay's participation.
    • TROVE-2021-004: additional failure checks were added around calls to the OpenSSL random number generator (with OpenSSL's default RNG implementation such failures do not occur).
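The two onion-service items above (v3 client authorization through 'authorized_clients', and the 56-character v3 addresses built on SHA3/ed25519/curve25519) come together in the following worked example. It is added here for illustration and is not code from the Tor project: it derives a v3 .onion address from an ed25519 public key using the construction from rend-spec-v3 (base32 of PUBKEY || CHECKSUM || VERSION, with a SHA3-256 checksum), validates such addresses, and writes and parses the client-authorization file lines in the formats documented in the Tor manual. All function names are the example's own, and the SAMPLE_* key bytes are constructed hash outputs standing in for real keypairs.

```python
# Added worked example (not Tor project code): derive a version-3 .onion
# address from an ed25519 public key and emit/parse the client-authorization
# file lines that reference it. Layout follows rend-spec-v3 and the Tor
# manual; all key bytes below are constructed stand-ins, not real keypairs.
import base64
import hashlib

V3_VERSION = b"\x03"                  # version byte appended to the address
CHECKSUM_PREFIX = b".onion checksum"  # domain separator from rend-spec-v3


def b32(raw: bytes) -> str:
    """Unpadded base32 (lower-case), as used inside .onion names."""
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def unb32(text: str) -> bytes:
    """Inverse of b32(); tolerates either case and missing padding."""
    return base64.b32decode(text.upper() + "=" * (-len(text) % 8))


def onion_address(ed25519_pubkey: bytes) -> str:
    """address  = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    35 bytes encode to exactly 56 base32 characters, hence the 56-char names."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + ed25519_pubkey + V3_VERSION).digest()[:2]
    return b32(ed25519_pubkey + checksum + V3_VERSION) + ".onion"


def _strip_suffix(address: str) -> str:
    name = address.lower()
    return name[:-6] if name.endswith(".onion") else name


def parse_onion_address(address: str) -> bytes:
    """Validate a v3 address (length, version byte, checksum) and return the
    embedded public key; raise ValueError on anything malformed."""
    name = _strip_suffix(address)
    if len(name) != 56:
        raise ValueError("v3 onion names are exactly 56 base32 characters")
    raw = unb32(name)
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION:
        raise ValueError("not a version-3 onion address")
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    if checksum != expected:
        raise ValueError("checksum mismatch: corrupted address")
    return pubkey


# ---- client authorization files ------------------------------------------
# Service side: <HiddenServiceDir>/authorized_clients/<client>.auth
#               descriptor:x25519:<base32 x25519 public key>
# Client side:  <ClientOnionAuthDir>/<service>.auth_private
#               <56-char onion name>:descriptor:x25519:<base32 x25519 private key>

def service_auth_line(client_x25519_pub: bytes) -> str:
    if len(client_x25519_pub) != 32:
        raise ValueError("x25519 public key must be 32 bytes")
    return "descriptor:x25519:" + b32(client_x25519_pub).upper()


def client_auth_private_line(address: str, client_x25519_priv: bytes) -> str:
    parse_onion_address(address)  # refuse to write a line for a bad address
    if len(client_x25519_priv) != 32:
        raise ValueError("x25519 private key must be 32 bytes")
    return _strip_suffix(address) + ":descriptor:x25519:" + b32(client_x25519_priv).upper()


def parse_auth_line(line: str) -> bytes:
    """Accept either file format; return the 32-byte key or raise."""
    parts = line.strip().split(":")
    if len(parts) == 4:                      # client-side form, onion name first
        parse_onion_address(parts[0] + ".onion")
        parts = parts[1:]
    if len(parts) != 3 or parts[0] != "descriptor" or parts[1] != "x25519":
        raise ValueError("unsupported auth-type or key-type")
    key = unb32(parts[2])
    if len(key) != 32:
        raise ValueError("key must decode to exactly 32 bytes")
    return key


# Constructed sample keys: hash output used as a 32-byte stand-in, not real keys.
SAMPLE_SERVICE_PUBKEY = hashlib.sha256(b"constructed ed25519 service key").digest()
SAMPLE_CLIENT_PUBKEY = hashlib.sha256(b"constructed x25519 client pub").digest()
SAMPLE_CLIENT_PRIVKEY = hashlib.sha256(b"constructed x25519 client priv").digest()

if __name__ == "__main__":
    addr = onion_address(SAMPLE_SERVICE_PUBKEY)
    print(addr)  # 56 base32 chars + ".onion"; every v3 address ends in 'd'
    print(service_auth_line(SAMPLE_CLIENT_PUBKEY))
    print(client_auth_private_line(addr, SAMPLE_CLIENT_PRIVKEY))
```

Because the version byte 0x03 supplies the final five bits of the encoded string, every valid v3 name ends in the letter 'd'; the checksum covers both the key and the version, so a single mistyped character in an address is rejected before any network activity, which is what the client-side parser above relies on when it refuses a malformed `.auth_private` line.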

    Source: opennet.ru
