Tor 0.4.6.5 arrives with support for the third version of onion services and says goodbye to the previous one

The release of the new version Tor 0.4.6.5 was recently announced. It is considered the first stable release of the 0.4.6 branch, which has been in development for the past five months.

The 0.4.6 branch will be maintained as part of the regular maintenance cycle; updates will end after 9 months, or 3 months after the release of the 0.4.7.x branch. In addition, the long-term support (LTS) cycle continues for the 0.3.5 branch, whose updates will be released until February 1, 2022.

At the same time, Tor versions 0.3.5.15, 0.4.4.9 and 0.4.5.9 were released. They fix DoS vulnerabilities that could cause denial of service for onion service clients and relays.

Main new features of Tor 0.4.6.5

This new version adds the ability to create "onion services" based on the third version of the protocol with authentication of client access through files in the 'authorized_clients' directory.

In addition, relays can now pass congestion information in extrainfo data, which can be used to balance load on the network. The transmission of these metrics is controlled by the OverloadStatistics option in torrc.

We can also find that a flag has been added for relays that lets the node operator understand that the relay is not included in the consensus when the directory servers make their selection (for example, when there are too many relays on a single IP address).

On the other hand, it is mentioned that support for old onion services based on the second version of the protocol, which was declared obsolete a year ago, has been removed. Complete removal of the code associated with the second version of the protocol is expected in the fall. The second version of the protocol was developed about 16 years ago and, because it uses outdated algorithms, it cannot be considered secure under current conditions.

Two and a half years ago, in version 0.3.2.9, the third version of the protocol was offered to users. It is notable for the switch to 56-character addresses, more reliable protection against data leaks through directory servers, an extensible modular structure, and the use of the SHA3, ed25519 and curve25519 algorithms instead of SHA1, DH and RSA-1024.
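The 56-character address format described above can be checked offline, which is useful when auditing configurations or link lists for leftover second-version names. The following is an added example, not code from the article or from the Tor project; the checksum construction follows the Tor v3 rendezvous specification, the function names are hypothetical, and the sample key and names are constructed.

```python
import base64
import binascii
import hashlib

V3_VERSION = b"\x03"

def onion_checksum(pubkey: bytes) -> bytes:
    # First two bytes of SHA3-256(".onion checksum" | PUBKEY | VERSION)
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """Build the 56-character v3 name from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def classify_onion(address: str) -> str:
    """Return 'v3', 'v2-deprecated' or 'invalid: <reason>'."""
    host = address.strip().lower()
    if not host.endswith(".onion"):
        return "invalid: not a .onion name"
    label = host[: -len(".onion")].rsplit(".", 1)[-1]  # drop subdomain labels
    if len(label) not in (16, 56):
        return "invalid: unexpected length"
    try:
        raw = base64.b32decode(label.upper())
    except (binascii.Error, ValueError):
        return "invalid: not base32"
    if len(label) == 16:
        return "v2-deprecated"  # 80-bit SHA1/RSA-1024 name, support removed
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION:
        return "invalid: unknown version byte"
    if checksum != onion_checksum(pubkey):
        return "invalid: checksum mismatch"
    return "v3"

if __name__ == "__main__":
    # Constructed inputs: a dummy 32-byte key and a made-up 16-character v2 name.
    good = encode_v3(bytes(range(32)))
    for name in (good, "abcdefghijklmnop.onion", good[:55] + "a.onion"):
        print(name, "->", classify_onion(name))
```

Because the version byte 0x03 occupies the final bits of the encoding, every valid v3 name ends in "d", which the last sample input deliberately breaks.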

Among the fixed vulnerabilities, the following are listed:

  • CVE-2021-34550: access to a memory area outside the allocated buffer in the code that parses descriptors of onion services based on the third version of the protocol. By publishing a specially crafted onion service descriptor, an attacker can crash any client that tries to access that onion service.
  • CVE-2021-34549: the ability to carry out an attack that causes denial of service on relays. An attacker can create circuits with identifiers that cause collisions in the hash function, and processing them leads to heavy CPU load.
  • CVE-2021-34548: a relay could spoof RELAY_END and RELAY_RESOLVED cells in half-closed streams, which made it possible to terminate a stream that was created without the involvement of that relay.
  • TROVE-2021-004: added checks for failures when calling the OpenSSL random number generator (with the default RNG implementation in OpenSSL, such failures do not appear).

Other notable changes:

  • The ability to limit the rate of client connections to relays has been added to the DoS protection subsystem.
  • In relays, the publication of statistics on the number of onion services based on the third version of the protocol and the volume of their traffic has been implemented.
  • Support for the DirPorts option has been removed from the relay code, as it is not used for this type of node.
    The code has been refactored.
  • The DoS protection subsystem has been moved to the subsystem manager.

Finally, if you are interested in knowing more about this new version, you can check the details at the following link.

How to get Tor 0.4.6.5?

To get this new version, simply go to the project's official website, where the download section offers the source code for compiling it. You can obtain the source code from the following link.

In the special case of Arch Linux users, it can be obtained from the AUR repository. At the moment the package has not yet been updated; you can check it at the following link, and as soon as it is available you can install it by typing the following command:

yay -S tor-git

