Red Hat Bugzilla – Bug 249840
Version 0.1.2.15 of tor introduces security fixes
Last modified: 2007-11-30 17:12:11 EST
Description of problem:
o Major bugfixes (security):
- Fix a possible buffer overrun when using BSD natd support. Bug
found by croup.
- When sending destroy cells from a circuit's origin, don't include
the reason for tearing down the circuit. The spec says we didn't,
and now we actually don't. Reported by lodger.
- Keep streamids from different exits on a circuit separate. This
bug may have allowed other routers on a given circuit to inject
cells into streams. Reported by lodger; fixes bug 446.
- If there's a never-before-connected-to guard node in our list,
never choose any guards past it. This way we don't expand our
guard list unless we need to.
tor-0.1.2.16-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.