Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 88CCFB19 for ; Sat, 27 Jun 2015 06:21:04 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ie0-f175.google.com (mail-ie0-f175.google.com [209.85.223.175]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 15340176 for ; Sat, 27 Jun 2015 06:21:04 +0000 (UTC) Received: by iebrt9 with SMTP id rt9so88047648ieb.2 for ; Fri, 26 Jun 2015 23:21:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=SNJdOFYn3DJ49rk+3AejmFmdR5SjqGkAUWMCR1GiNco=; b=lTFhx4WSg5t+KVfFjD5lIlMapWMhXWGyjU7Wy90Sgy8pPjnVYzBED0Ckc6xARymC4q KfGjikrIYn4/SazxO1wUrEkBTKJDMKnKuzxONYJTc21Es0u3WRxZY0nkYTsmEA8p0wtn Gjg7NpWkctqdpMz8LYmwpsBZxm/44pngbWK9NxFHNxYPgPNgVx9LUPYRgsUEa8UQrfgT KGsl6Itk6Lw3UXxf4h8E2twGV3ds/qPz6CzfkJxO/wOA6CMe7tCStG+Eq9EXJ96FKsFH 8l8wTrll3dGwfAzekgl1KBlzt+HEy7H/J35yECJrlxLur0ZxhTalVuxalTldxIYDRiwV Ar5g== MIME-Version: 1.0 X-Received: by 10.43.172.68 with SMTP id nx4mr6949615icc.48.1435386063552; Fri, 26 Jun 2015 23:21:03 -0700 (PDT) Received: by 10.107.147.69 with HTTP; Fri, 26 Jun 2015 23:21:03 -0700 (PDT) Date: Sat, 27 Jun 2015 06:21:03 +0000 Message-ID: From: Gregory Maxwell To: bitcoin-dev@lists.linuxfoundation.org Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2015 06:21:04 -0000 On July 7th I will be making public details of several serious denial of service vulnerabilities which have fixed in recent versions of Bitcoin Core, including CVE-2015-3641. I strongly recommend anyone running production nodes exposed to inbound connections from the internet upgrade to 0.10.2 as soon as possible. Upgrading older systems, especially miners, is also important due to the BIP66 soft-fork which is about to reach enforcing status, see also: http://sourceforge.net/p/bitcoin/mailman/message/34199290/