Discussion:
Upcoming DOS vulnerability announcements for Bitcoin Core
Gregory Maxwell
2015-06-27 06:21:03 UTC
On July 7th I will be making public details of several serious denial of
service vulnerabilities which have been fixed in recent versions of Bitcoin Core,
including CVE-2015-3641.

I strongly recommend anyone running production nodes exposed to inbound
connections from the internet upgrade to 0.10.2 as soon as possible.

Upgrading older systems, especially miners, is also important due to the
BIP66 soft-fork which is about to reach enforcing status, see also:
http://sourceforge.net/p/bitcoin/mailman/message/34199290/
Wladimir J. van der Laan
2015-06-27 07:49:47 UTC
Post by Gregory Maxwell
http://sourceforge.net/p/bitcoin/mailman/message/34199290/
New archive link:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-June/008578.html

Wladimir
Thomas Pryds
2015-06-27 17:55:20 UTC
Post by Gregory Maxwell
I strongly recommend anyone running production nodes exposed to inbound
connections from the internet upgrade to 0.10.2 as soon as possible.
Does anybody know when/if 0.10.2 will be available on the Ubuntu PPA?

I could of course just install manually, but I like the convenience of a
PPA.
Jameson Lopp
2015-06-27 18:22:01 UTC
According to the release notes, the 0.10.2 release only had notable changes
for Windows. https://bitcoin.org/en/release/v0.10.2

It's not clear that there were any vulnerability patches in 0.10.2 itself
that apply to Ubuntu.

- Jameson
Post by Thomas Pryds
Post by Gregory Maxwell
I strongly recommend anyone running production nodes exposed to inbound
connections from the internet upgrade to 0.10.2 as soon as possible.
Does anybody know when/if 0.10.2 will be available on the Ubuntu PPA?
I could of course just install manually, but I like the convenience of a
PPA.
Thomas Pryds
2015-06-27 20:53:51 UTC
Post by Jameson Lopp
According to the release notes, the 0.10.2 release only had notable
changes for Windows. https://bitcoin.org/en/release/v0.10.2

Ah, makes sense, then, that the PPA doesn't carry 0.10.2. Thank you.
Gregory Maxwell
2015-07-07 23:14:18 UTC
Post by Gregory Maxwell
On July 7th I will be making public details of several serious denial of
service vulnerabilities which have been fixed in recent versions of Bitcoin Core,
including CVE-2015-3641.
I strongly recommend anyone running production nodes exposed to inbound
connections from the internet upgrade to 0.10.2 as soon as possible.
Upgrading older systems, especially miners, is also important due to the
http://sourceforge.net/p/bitcoin/mailman/message/34199290/
Just an update here-- I'm delaying this somewhat due to recent network
turbulence and unusual attempted DOS attack activity on relayed
infrastructure.
I've also had some requests from other cryptocurrency implementors to
use a somewhat longer horizon here.