From: Gregory Maxwell
To: bitcoin-dev@lists.linuxfoundation.org
Date: Tue, 7 Jul 2015 23:14:18 +0000
Subject: Re: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core

On Sat, Jun 27, 2015 at 6:21 AM, Gregory Maxwell wrote:
> On July 7th I will be making public details of several serious denial of
> service vulnerabilities which have been fixed in recent versions of Bitcoin Core,
> including CVE-2015-3641.
>
> I strongly recommend anyone running production nodes exposed to inbound
> connections from the internet upgrade to 0.10.2 as soon as possible.
>
> Upgrading older systems, especially miners, is also important due to the
> BIP66 soft-fork which is about to reach enforcing status, see also:
> http://sourceforge.net/p/bitcoin/mailman/message/34199290/

Just an update here-- I'm delaying this somewhat due to recent network
turbulence and unusual attempted DOS attack activity on relayed
infrastructure.

I've also had some requests from other cryptocurrency implementors to
use a somewhat longer horizon here.