1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 88CCFB19
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 27 Jun 2015 06:21:04 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ie0-f175.google.com (mail-ie0-f175.google.com
[209.85.223.175])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 15340176
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 27 Jun 2015 06:21:04 +0000 (UTC)
Received: by iebrt9 with SMTP id rt9so88047648ieb.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 Jun 2015 23:21:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
bh=SNJdOFYn3DJ49rk+3AejmFmdR5SjqGkAUWMCR1GiNco=;
b=lTFhx4WSg5t+KVfFjD5lIlMapWMhXWGyjU7Wy90Sgy8pPjnVYzBED0Ckc6xARymC4q
KfGjikrIYn4/SazxO1wUrEkBTKJDMKnKuzxONYJTc21Es0u3WRxZY0nkYTsmEA8p0wtn
Gjg7NpWkctqdpMz8LYmwpsBZxm/44pngbWK9NxFHNxYPgPNgVx9LUPYRgsUEa8UQrfgT
KGsl6Itk6Lw3UXxf4h8E2twGV3ds/qPz6CzfkJxO/wOA6CMe7tCStG+Eq9EXJ96FKsFH
8l8wTrll3dGwfAzekgl1KBlzt+HEy7H/J35yECJrlxLur0ZxhTalVuxalTldxIYDRiwV
Ar5g==
MIME-Version: 1.0
X-Received: by 10.43.172.68 with SMTP id nx4mr6949615icc.48.1435386063552;
Fri, 26 Jun 2015 23:21:03 -0700 (PDT)
Received: by 10.107.147.69 with HTTP; Fri, 26 Jun 2015 23:21:03 -0700 (PDT)
Date: Sat, 27 Jun 2015 06:21:03 +0000
Message-ID: <CAAS2fgR0ak5B1gdSvR7s4YRydbpXb0jC45U3V50D6n=aMLUn7w@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: text/plain; charset=UTF-8
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin
Core
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jun 2015 06:21:04 -0000
On July 7th I will be making public details of several serious denial of
service vulnerabilities which have fixed in recent versions of Bitcoin Core,
including CVE-2015-3641.
I strongly recommend anyone running production nodes exposed to inbound
connections from the internet upgrade to 0.10.2 as soon as possible.
Upgrading older systems, especially miners, is also important due to the
BIP66 soft-fork which is about to reach enforcing status, see also:
http://sourceforge.net/p/bitcoin/mailman/message/34199290/
|
