Tor 0.2.3.10-alpha is out (security fix)
Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in
Tor's buffers code. Absolutely everybody should upgrade.
The bug relied on an incorrect calculation when making data continuous
in one of our IO buffers, if the first chunk of the buffer was
misaligned by just the wrong amount. The miscalculation would allow an
attacker to overflow a piece of heap-allocated memory. To mount this
attack, the attacker would need to either open a SOCKS connection to
Tor's SocksPort (usually restricted to localhost), or target a Tor
instance configured to make its connections through a SOCKS proxy
(which Tor does not do by default).
Good security practice requires that all heap-overflow bugs should be
presumed to be exploitable until proven otherwise, so we are treating
this as a potential code execution attack. Please upgrade immediately!
This bug does not affect bufferevents-based builds of Tor. Special
thanks to "Vektor" for reporting this issue to us!
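To make the bug class concrete for readers who have not looked at chunked buffer code, the following is an added illustration, written for this post and not taken from Tor's buffers code. It models a chunked buffer whose first chunk has had a prefix drained (its live data no longer starts at the beginning of the chunk's storage), and contrasts a free-space estimate that forgets the drained prefix with one that measures from the end of the live data. The struct layout, `CHUNK_CAP`, and every function name are hypothetical simplifications; the safe pullup refuses to copy when the bytes would not fit, where a real implementation would allocate a larger chunk instead.

```c
/* Simplified model of a "pullup" over a chunked buffer: make the first
 * 'want' bytes contiguous by copying from the second chunk into the tail
 * of the first. Hypothetical code; not Tor's implementation. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_CAP 16            /* hypothetical small chunk size */

typedef struct chunk_t {
    struct chunk_t *next;
    size_t datalen;             /* live bytes in this chunk */
    char *data;                 /* start of live bytes; advances on drain */
    char mem[CHUNK_CAP];        /* backing storage */
} chunk_t;

typedef struct buf_t {
    chunk_t *head;
} buf_t;

static chunk_t *chunk_new(const char *bytes, size_t len) {
    chunk_t *c = calloc(1, sizeof(*c));
    c->data = c->mem;
    memcpy(c->mem, bytes, len);
    c->datalen = len;
    return c;
}

/* Drain n bytes from the front of the first chunk. 'data' moves forward,
 * so the usable tail space is no longer CHUNK_CAP - datalen. */
static void buf_drain_first(buf_t *buf, size_t n) {
    chunk_t *c = buf->head;
    c->data += n;
    c->datalen -= n;
}

/* Buggy estimate: ignores the drained prefix and over-reports free space. */
static size_t free_space_buggy(const chunk_t *c) {
    return CHUNK_CAP - c->datalen;
}

/* Correct estimate: bytes between the end of live data and the end of mem[]. */
static size_t free_space_correct(const chunk_t *c) {
    return (size_t)((c->mem + CHUNK_CAP) - (c->data + c->datalen));
}

/* Bytes a pullup would copy into the first chunk for a given free-space
 * estimator. With the buggy estimator the result can exceed what fits. */
static size_t pullup_copy_len(const buf_t *buf, size_t want,
                              size_t (*free_space)(const chunk_t *)) {
    const chunk_t *c = buf->head;
    if (c->datalen >= want) return 0;
    size_t need = want - c->datalen;
    size_t avail = free_space(c);
    return need < avail ? need : avail;
}

/* Safe pullup: bounds every copy by the correct free space and refuses
 * (returns -1) when the request would not fit, instead of overflowing. */
static int buf_pullup_safe(buf_t *buf, size_t want) {
    chunk_t *c = buf->head;
    while (c->datalen < want && c->next) {
        chunk_t *n = c->next;
        size_t need = want - c->datalen;
        size_t room = free_space_correct(c);
        size_t take = need < n->datalen ? need : n->datalen;
        if (take > room) return -1;          /* would write past mem[] */
        memcpy(c->data + c->datalen, n->data, take);
        c->datalen += take;
        n->data += take;
        n->datalen -= take;
        if (n->datalen == 0) { c->next = n->next; free(n); }
    }
    return c->datalen >= want ? 0 : -1;
}

/* Constructed scenario: 10 live bytes, 6 drained, then a 12-byte chunk. */
static buf_t *make_scenario(void) {
    buf_t *b = calloc(1, sizeof(*b));
    b->head = chunk_new("0123456789", 10);
    buf_drain_first(b, 6);                    /* live data is now "6789" */
    b->head->next = chunk_new("abcdefghijkl", 12);
    return b;
}

static void buf_free(buf_t *b) {
    chunk_t *c = b->head;
    while (c) { chunk_t *n = c->next; free(c); c = n; }
    free(b);
}

int main(void) {
    buf_t *b = make_scenario();
    printf("buggy free space: %zu, correct: %zu\n",
           free_space_buggy(b->head), free_space_correct(b->head));
    printf("pullup(16): buggy copies %zu bytes into %zu of room\n",
           pullup_copy_len(b, 16, free_space_buggy), free_space_correct(b->head));
    printf("safe pullup(16) -> %d, safe pullup(10) -> %d\n",
           buf_pullup_safe(b, 16), buf_pullup_safe(b, 10));
    buf_free(b);
    return 0;
}
```

With the constructed scenario the buggy estimator reports 12 free bytes while only 6 actually remain after the drained prefix, so a 16-byte pullup would copy 12 bytes into 6 bytes of room; the hardened version caps the copy at the real room and returns an error rather than writing past the chunk. The defensive lesson is the one the announcement draws: any arithmetic that derives "space left" from a chunk's nominal size, rather than from the current data pointer, deserves an explicit bounds assertion.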
This release also contains a few minor bugfixes for issues discovered
Changes in version 0.2.3.10-alpha - 2011-12-16
- Fix a heap overflow bug that could occur when trying to pull
data into the first chunk of a buffer, when that chunk had
already had some data drained from it. Fixes CVE-2011-2778;
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
- If we can't attach streams to a rendezvous circuit when we
finish connecting to a hidden service, clear the rendezvous
circuit's stream-isolation state and try to attach streams
again. Previously, we cleared rendezvous circuits' isolation
state either too early (if they were freshly built) or not at all
(if they had been built earlier and were cannibalized). Bugfix on
0.2.3.3-alpha; fixes bug 4655.
- Fix compilation of the libnatpmp helper on non-Windows. Bugfix on
0.2.3.9-alpha; fixes bug 4691. Reported by Anthony G. Basile.
- Fix an assertion failure when a relay with accounting enabled
starts up while dormant. Fixes bug 4702; bugfix on 0.2.3.9-alpha.
- Update to the December 6 2011 Maxmind GeoLite Country database.
We have just managed to get our first Chinese user over that horrible firewall, using the 0.2.3.10-alpha.
We used a private bridge that is not updated in the bridge list directory.
We are over the moon to have achieved this.
This either means that the handshake was not detected by the Chinese firewall, or that it was temporarily down. We are not sure yet.
We just need some way to get this into the wider Chinese community.
We are over the moon though so far.
T-H-A-N-K Y-O-U Tor community.
0.2.3.10-alpha did not contain any changes that would bypass GFW detection.
I think that GFW simply stopped blocking Tor traffic a few weeks ago. They will probably start blocking again soon, and people are working on bypassing GFW detection (see https://trac.torproject.org/projects/tor/ticket/4185 and https://trac.torproject.org/projects/tor/ticket/4744).