
Arti 1.2.3. (Please upgrade.)

Date: 2024-05-30  Source: torproject  Author: nickm
Original title: Security release: Arti 1.2.3. (Please upgrade.)

We have released updates to Arti today, to resolve a pair of security issues related to circuit construction for onion services.

These vulnerabilities affect the crate tor-circmgr 0.18.0, released along with Arti version 1.2.2. They are fixed in tor-circmgr 0.18.1. (Fixes will also appear in Arti version 1.2.4, to be released on our regular schedule at the start of June.)

Who is affected

If you use arti to connect to onion services, or to run onion services, and you are using Arti 1.2.2 or tor-circmgr 0.18.0, you should upgrade.

(In Arti 1.2.1 and earlier, vanguards were still an experimental feature, or absent, so those versions are classified as "not affected", but downgrading to these versions will not improve your security.)

Upgrade instructions

If you installed Arti via cargo install, use this command to update:

cargo install --locked --features=full arti
# or whatever --features you used before

If you obtained Arti as source code from git, fetch the tag arti-v1.2.3 and rebuild, with cargo build --locked --release --features=full -p arti.
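To tell whether a source checkout, or a project that depends on Arti's crates, pins the affected tor-circmgr, the following check reads its Cargo.lock. It is an added example, not part of the original announcement or of Arti itself; the function names, the result labels and the sample lockfile are assumptions for illustration, and the two version numbers are the ones given above.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Cargo.lock by the
# tor-circmgr version it pins. Version numbers are the ones the advisory gives.

# Print every locked tor-circmgr version, one per line.
circmgr_versions() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF lockfiles
        /^\[\[package\]\]/ { name = "" }         # start of a new package entry
        /^name = "/    { name = $3; gsub(/"/, "", name) }
        /^version = "/ && name == "tor-circmgr" { v = $3; gsub(/"/, "", v); print v }
    ' "$1"
}

# Echo one word: affected | fixed | other | absent | unreadable
classify_lock() {
    if [ ! -r "$1" ]; then echo unreadable; return 0; fi
    versions=$(circmgr_versions "$1")
    if [ -z "$versions" ]; then echo absent; return 0; fi
    # A lockfile may hold several versions of one crate; any 0.18.0 entry counts.
    if printf '%s\n' "$versions" | grep -qx '0\.18\.0'; then echo affected
    elif printf '%s\n' "$versions" | grep -qx '0\.18\.1'; then echo fixed
    else echo other
    fi
}

# Constructed sample lockfile fragment, for trying the check offline.
sample_lock() {
    cat <<EOF
[[package]]
name = "tor-cell"
version = "0.0.0-sample"

[[package]]
name = "tor-circmgr"
version = "$1"
EOF
}

# CLI use: sh check.sh path/to/Cargo.lock  (exit status 1 when affected)
if [ "$#" -gt 0 ]; then
    result=$(classify_lock "$1")
    echo "$1: tor-circmgr is $result"
    [ "$result" != affected ]
fi
```

Versions other than 0.18.0 and 0.18.1 are reported as "other" because the announcement does not list them by crate version.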

The issues

Both issues affect circuit construction when vanguards are enabled, and both affect the length of the circuits that are built.

First, when building anonymizing circuits to or from an onion service with 'lite' vanguards (the default) enabled, the circuit manager code would build the circuits with one hop too few. This makes users of this code more vulnerable to some kinds of traffic analysis when they run or visit onion services. This bug is tracked as issue #1409, and as TROVE-2024-003. Its severity is "high".

Second, when 'full' vanguards are enabled, some circuits are supposed to be built with an extra hop to minimize the linkability of the guard nodes. In some circumstances, the circuit manager would build circuits with one hop too few, making it easier for an adversary to discover the L2 and L3 guards of the affected clients and services. This issue is tracked as issue #1400, and as TROVE-2024-004. Its severity is "medium".


This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.