Tor 0.4.6.5 arrives with support for the third version of onion services and says goodbye to the previous ones

The release of Tor 0.4.6.5 was recently announced. It is considered the first stable version of the 0.4.6 branch, which has been in development for the last five months.

The 0.4.6 branch will be maintained as part of the regular maintenance cycle; updates will be discontinued after 9 months, or 3 months after the release of the 0.4.7.x branch. A long-term support (LTS) cycle also continues for the 0.3.5 branch, which will receive updates until February 1, 2022.

At the same time, Tor versions 0.3.5.15, 0.4.4.9 and 0.4.5.9 were published, fixing DoS vulnerabilities that could cause denial of service for onion service clients and for relays.

Main new features of Tor 0.4.6.5

This new version adds the ability to create onion services based on the third version of the protocol with client access authentication through files in the 'authorized_clients' directory.

In addition, relays can now include congestion information in their extrainfo data, which can be used for load balancing on the network. Publication of this metric is controlled by the OverloadStatistics option in torrc.

A flag has also been added for relays that lets the node operator understand that the relay is not included in the consensus when servers select directories (for example, when there are too many relays on a single IP address).

On the other hand, support for legacy onion services based on the second version of the protocol, which was declared deprecated last year, has been removed. Complete removal of the code associated with the second version of the protocol is expected in the autumn. The second version of the protocol was developed about 16 years ago and, because it relies on outdated algorithms, it cannot be considered secure under modern conditions.

Two and a half years ago, in version 0.3.2.9, the third version of the protocol was offered to users. It is notable for the move to 56-character addresses, more reliable protection against data leaks through directory servers, an extensible modular structure, and the use of the SHA3, ed25519 and curve25519 algorithms instead of SHA1, DH and RSA-1024.
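The 56-character format can be checked mechanically, which helps when auditing configuration files or link lists for v2 addresses that no longer work. The following Python sketch is an added example, not code from the Tor project or from this article; it assumes the v3 address layout published in Tor's rend-spec-v3 (32-byte ed25519 key, 2-byte SHA3-256 checksum, version byte 0x03), and the function names and sample inputs are constructed for illustration.

```python
import base64
import hashlib

V3_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"


def _checksum(pubkey: bytes) -> bytes:
    # First two bytes of SHA3-256(".onion checksum" || pubkey || version).
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + V3_VERSION).digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Build the 56-character v3 address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    raw = pubkey + _checksum(pubkey) + V3_VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def classify(address: str) -> str:
    """Return 'v3', 'v2-deprecated' or 'invalid' for an onion hostname."""
    host = address.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return "invalid"
    label = host[: -len(".onion")].split(".")[-1]  # ignore subdomain labels
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # bad alphabet, bad length or non-ASCII input
        return "invalid"
    if len(label) == 16 and len(raw) == 10:
        # v2: 80 bits of a SHA1 hash over an RSA-1024 key, no checksum.
        return "v2-deprecated"
    if len(label) == 56 and len(raw) == 35:
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
        # Format check only: does not verify the key is a valid curve point.
        if version == V3_VERSION and checksum == _checksum(pubkey):
            return "v3"
    return "invalid"


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed bytes, not a real service key
    for addr in (encode_v3(sample_key), "abcdefghijklmnop.onion", "example.com"):
        print(f"{classify(addr):14} {addr}")
```

Because the final byte is always the version 0x03, every well-formed v3 address ends in the letter "d"; a mistyped address fails the checksum instead of silently resolving to a different service.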

Among the vulnerabilities fixed, the following are mentioned:

  • CVE-2021-34550: out-of-bounds memory access in the code that parses onion service descriptors for the third version of the protocol. By publishing a specially crafted onion service descriptor, an attacker can crash any client that tries to access that onion service.
  • CVE-2021-34549: the possibility of an attack that causes denial of service on relays. An attacker can build circuits with identifiers that cause collisions in the hash function, and processing them leads to heavy CPU load.
  • CVE-2021-34548: a relay could spoof RELAY_END and RELAY_RESOLVED cells on half-closed streams, which made it possible to terminate a stream that was created without the involvement of that relay.
  • TROVE-2021-004: additional checks were added to detect failures when accessing the OpenSSL random number generator (with the default RNG implementation in OpenSSL, such failures do not occur).

Other notable changes:

  • The ability to limit the rate of client connections to relays has been added to the DoS protection subsystem.
  • Relays now publish statistics on the number of onion services based on the third version of the protocol and on their traffic volume.
  • Support for the DirPorts option, which is not used for this type of node, has been removed from the relay code.
  • The code has been refactored.
  • The DoS protection subsystem has been moved to the subsystem manager.

Finally, if you want to know more about this new version, you can check the details at the following link.

How to get Tor 0.4.6.5?

To get this new version, go to the project's official website, where the download section offers the source code for compilation. You can get the source code from the following link.

In the particular case of Arch Linux users, the package is available from the AUR repository. For the moment the package has not yet been updated; you can monitor it from the following link, and as soon as it is available you can install it by typing the following command:

yay -S tor-git

