Tor 0.4.6.5 inouya nerutsigiro rwechitatu vhezheni yeanion masevhisi uye inotaura zvakanaka kune apfuura

Darkcrizt

4 maminitsi

Mashoma apfuura kuburitswa kweiyo nyowani Tor vhezheni 0.4.6.5 yakaziviswa izvo inoonekwa seye yekutanga shanduro yakagadzika yebazi 0.4.6, izvo zvakachinja pamwedzi mishanu yapfuura.

Bazi 0.4.6 ichachengetwa sechikamu chenguva dzose yekuchengetedza kutenderera; Kugadziridza kuchamiswa kwemwedzi mipfumbamwe kana mwedzi mitatu mushure mekuburitswa kwebazi re9.x, pamusoro pekuenderera mberi nekupa refu rutsigiro kutenderera (LTS) kubazi 3, izvo zvidzoreso zvichaburitswa kusvika 0.4.7 Kukadzi 0.3.5.

Panguva imwecheteyo, Tor shanduro 0.3.5.15, 0.4.4.9, uye 0.4.5.9 dzakaumbwa, izvo zvakagadzirisa kushushikana kweDoS izvo zvinogona kukonzera kuramba kwebasa kune Anoni uye Relay sevhisi vatengi.

Main nyowani maficha eTor 0.4.6.5

Mune iyi vhezheni itsva akawedzera kugona kugadzira "hanyanisi masevhisi" zvichibva pane yechitatu vhezheni yeprotocol ine kuvhenekerwa kwevatengi kuburikidza nemafaira mune 'mvumo_clients' dhairekitori.

Kunze kwaizvozvo zvakare iko kugona kwekupfuudza ruzivo rwekusangana mu data ye extrainfo yakapihwa iyo inogona kushandiswa kuyera mutoro pane network. Metric kuchinjisa inodzorwa neiyo OverloadStatistics sarudzo mune torrc.

Tinogona zvakare kuona kuti mureza wakawedzerwa kune iwo ma relays anotendera iyo node opareta kuti anzwisise kuti iyo relay haina kubatanidzwa muchibvumirano kana maseva achisarudza madhairekitori (semuenzaniso, kana paine akawandisa anodzoreredza mune imwechete IP kero).

Kune rimwe divi zvinotaurwa izvo Tsigiro yeakura hanyanisi yakavakirwa masevhisi yabviswa Mune yechipiri vhezheni yeprotocol, iyo yakanzi haina basa gore rapfuura. Kubviswa kwakazara kwekodhi inoenderana neyechipiri vhezheni yeprotocol inotarisirwa mukudonha. Iyo yechipiri vhezheni yeprotocol yakagadziriswa makore angangoita gumi nematanhatu apfuura, uye nekuda kwekushandiswa kwemaalgorithms echinyakare, haigone kunzi yakachengeteka pasi pemamiriro azvino.

Makore maviri nehafu apfuura, mushanduro 0.3.2.9, vashandisi vakapihwa iyo yechitatu vhezheni yeprotocol, inozivikanwa yekuchinja kuenda kune makumi mashanu nematanhatu adhiresi, chengetedzo yakavimbika kubva pakubuda kwedata kuburikidza nemaseva edhairekitori, yakawedzera modular chimiro uye kushandiswa yealgorithms SHA56, ed3 uye curve25519 panzvimbo yeSHA25519, DH uye RSA-1.

Yekushomeka kwakagadziriswa zvinotevera zvinotaurwa:

  • CVE-2021-34550: kupinda munzvimbo yekurangarira kunze kweye buffer yakapihwa kodhi yekuparadzanisa tsananguro yebasa reeiii inoenderana neshanduro yechitatu yeprotocol. Anorwisa anogona, nekuisa yakanyatsogadzirwa yeonion sevhisi yekutsanangura, kutanga kuvharidzira chero mutengi anoedza kuwana sevhisi sevhisi.
  • CVE-2021-34549 - Kugona kuita kurwisa kunokonzeresa kuramba kweanotumira. Anorwisa anogona kugadzira tambo nematanho anokonzeresa mukushanda kwehash, iko kugadziriswa kwacho kunotungamira kune mutoro wakakura pane iyo CPU.
  • CVE-2021-34548 - Iyo relay inogona kukanganisa iyo RELAY_END uye RELAY_RESOLVED maseru mune semi-akavhara kuyerera, ichibvumira kuyerera uko kwakagadzirwa pasina kubatanidzwa kweiyi relay kumiswa.
  • TROVE-2021-004: Wakawedzera mamwe macheki kuti aone kukundikana kana uchinge wawana iyo OpenSSL isina kujairika nhamba jenareta (pamwe nekumisikidza kuitiswa kweRNG muOpenSSL, kukundikana kwakadaro hakuoneke).

Yeimwe shanduko izvo zvinomira pachena:

  • Iko kugona kudzikamisa kusimba kwevatengi kubatana kune anodzoreredzwa kwawedzerwa kune iyo DOS kuchengetedza subsystem.
  • Muma relays, kuburitswa kwehuwandu hwehuwandu hwehuwandu hweevhisi masevhisi kunoitwa zvichibva pane yechitatu vhezheni yeprotocol uye huwandu hwevazhinji traffic.
  • Tsigiro yesarudzo yeDirPorts yabviswa kubva pane iyo kodhi yekudzosera, iyo isiri kushandiswa kune iyi mhando yenode.
    Code kodhi.
  • Iyo yeDoS dziviriro sisitimu yakaendeswa kune iyo subystem maneja.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve iyi vhezheni nyowani, unogona kutarisa izvo zvinyorwa mu chinotevera chinongedzo.

Ungawana sei Tor 0.4.6.5?

Kuti uwane iyi vhezheni itsva, ingo enda kune webhusaiti yepamutemo yeprojekti uye muchikamu chayo chekurodha tinokwanisa kuwana kodhi yekodhi yekuumbwa kwayo. Unogona kuwana kodhi yekodhi kubva ku inotevera chinongedzo.

Panguva yechinhu chakakosha chevashandisi veArch Linux tinogona kuchiwana kubva kuAUR repository. Chete panguva iyo pasuru isati yagadziriswa, unogona kuitarisa kubva pane inotevera chinongedzo uye nekukurumidza painowanikwa iwe unogona kuita iyo yekuisa nekunyora iwo unotevera kuraira:

yay -S tor-git


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako