Author Topic: Neuer Stable build 5086 (Schwachstellen-Fix)  (Read 1972 times)

0 Members and 1 Guest are viewing this topic.

Offline Nemo

  • Global Moderator
  • Elite
  • *****
  • Posts: 1303
  • Karma: +27/-0
    • View Profile
Neuer Stable build 5086 (Schwachstellen-Fix)
« on: July 25, 2004, 04:01:38 PM »
Danke an Hans-Dieter, er erwähnte den neuen stable build 5086 auf dem internationalen Freenet-Forum hier auf Planetpeer. :-)

From: Toad <toad@...>
 Subject: Stable build 5086 and major vulnerability fix
 Date: Sat, 24 Jul 2004 00:48:53 +0100
Stable build 5086 is now available. The snapshots have been updated.
Please upgrade ASAP (if you are running the stable branch, which most
Freenet users are). This build fixes a fairly major vulnerability to
passive traffic analysis whereby an attacker could determine (on
uncongested links) the types of messages being transferred, and perhaps
the MRI, and with help from a node from within the network, he could
perhaps trace a message chain's path across much of the network (with a
lot of luck), and perhaps find compromizing information. This is the
initial fix and it may be somewhat wasteful of bandwidth. We will
develop better fixes in the near future, but it is at least backwards
compatible: You should not need to reseed.
How to update:
On POSIX-like systems such as Linux and MacOS/X (or Darwin):
On Windows, you can use the update option on the start menu.
On any platform, you can stop the node, download over your
existing freenet.jar, and then start the node up again.

The next build, 5087, will probably contain a significant CPU usage
improvement by means of using native code to speed up some of the
heaviest crypto and routing operations. That code is not quite ready
yet; look for a release later on Saturday, or perhaps Monday.
Matthew J Toseland - toad@...
Freenet Project Official Codemonkey -
ICTHUS - Nothing is impossible. Our Boss says so.

Support mailing list
Unsubscribe at
Or mailto:support-request@...?subject=unsubscribe

Dieses Mal füge ich keinen Poll hinzu, denn der stable build 5087 ist bereits unterwegs (siehe Zitat oben). Vielen Dank ans Freenet Entwicklerteam! :-)

Matthew hat auf der Entwickler Mailingliste ein krypto-bezogenes Verbindungsproblem:
IMO können wir in den nächsten Tagen weitere neue Stable Builds erwarten. :-)