7 | | o Major features (security fixes): |
8 | | - Prevent a class of security bugs caused by treating the contents |
9 | | of a buffer chunk as if they were a NUL-terminated string. At |
10 | | least one such bug seems to be present in all currently used |
11 | | versions of Tor, and would allow an attacker to remotely crash |
12 | | most Tor instances, especially those compiled with extra compiler |
13 | | hardening. With this defense in place, such bugs can't crash Tor, |
14 | | though we should still fix them as they occur. Closes ticket |
15 | | 20384 (TROVE-2016-10-001). |
| 3 | > Tor 0.2.8.9 backports a fix for a security hole in previous versions |
| 4 | > of Tor that would allow a remote attacker to crash a Tor client, |
| 5 | > hidden service, relay, or authority. All Tor users should upgrade to |
| 6 | > this version, or to 0.2.9.4-alpha. Patches will be released for older |
| 7 | > versions of Tor. |
| 8 | > |
| 9 | > - Major features (security fixes): |
| 10 | > - Prevent a class of security bugs caused by treating the contents |
| 11 | > of a buffer chunk as if they were a NUL-terminated string. At |
| 12 | > least one such bug seems to be present in all currently used |
| 13 | > versions of Tor, and would allow an attacker to remotely crash |
| 14 | > most Tor instances, especially those compiled with extra compiler |
| 15 | > hardening. With this defense in place, such bugs can't crash Tor, |
| 16 | > though we should still fix them as they occur. Closes ticket |
| 17 | > [https://bugs.torproject.org/20384 20384] (TROVE-2016-10-001). |