7 | | o Major features (security fixes): |
8 | | - Prevent a class of security bugs caused by treating the contents |
9 | | of a buffer chunk as if they were a NUL-terminated string. At |
10 | | least one such bug seems to be present in all currently used |
11 | | versions of Tor, and would allow an attacker to remotely crash |
12 | | most Tor instances, especially those compiled with extra compiler |
13 | | hardening. With this defense in place, such bugs can't crash Tor, |
14 | | though we should still fix them as they occur. Closes ticket |
15 | | 20384 (TROVE-2016-10-001). |
| 3 | > Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor |
| 4 | > that would allow a remote attacker to crash a Tor client, hidden |
| 5 | > service, relay, or authority. All Tor users should upgrade to this |
| 6 | > version, or to 0.2.8.9. Patches will be released for older versions of |
| 7 | > Tor. |
| 8 | > |
| 9 | > - Major features (security fixes): |
| 10 | > - Prevent a class of security bugs caused by treating the contents |
| 11 | > of a buffer chunk as if they were a NUL-terminated string. At |
| 12 | > least one such bug seems to be present in all currently used |
| 13 | > versions of Tor, and would allow an attacker to remotely crash |
| 14 | > most Tor instances, especially those compiled with extra compiler |
| 15 | > hardening. With this defense in place, such bugs can't crash Tor, |
| 16 | > though we should still fix them as they occur. Closes ticket 20384 |
| 17 | > (TROVE-2016-10-001). |