From: Gavin Andresen <gavin@bitcoinfoundation•org>
To: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: [Bitcoin-development] 0.8.4 released, fixes critical denial-of-service issue
Date: Wed, 4 Sep 2013 11:16:35 +1000 [thread overview]
Message-ID: <CABsx9T1hwD3psM14mGKwWpk3RwZTXJviP=AtcHWpBeYbAB410A@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2758 bytes --]
Bitcoin-Qt version 0.8.4 is now available from:
http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/
This is a maintenance release to fix a critical bug and three
security issues; we urge all users to upgrade.
There were no changes from 0.8.4 release candidate 2, so if you are running
0.8.4rc2 you do not need to upgrade.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
How to Upgrade
--------------
If you are running an older version, shut it down. Wait
until it has completely shut down (which might take a few minutes for older
versions), then run the installer (on Windows) or just copy over
/Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).
If you are upgrading from version 0.7.2 or earlier, the first time you
run 0.8.4 your blockchain files will be re-indexed, which will take
anywhere from 30 minutes to several hours, depending on the speed of
your machine.
0.8.4 Release notes
===================
Security issues
---------------
An attacker could send a series of messages that resulted in
an integer division-by-zero error in the Bloom Filter handling
code, causing the Bitcoin-Qt or bitcoind process to crash.
Bloom filters were introduced with version 0.8, so versions 0.8.0
through 0.8.3 are vulnerable to this critical denial-of-service attack.
A constant-time algorithm is now used to check RPC password
guess attempts; fixes https://github.com/bitcoin/bitcoin/issues/2838
(CVE-2013-4165)
Implement a better fix for the fill-memory-with-orphan-transactions
attack that was fixed in 0.8.3. See
https://bitslog.wordpress.com/2013/07/18/buggy-cve-2013-4627-patch-open-new-vectors-of-attack/
for a description of the weaknesses of the previous fix.
(CVE-2013-4627)
Bugs fixed
----------
Fix multi-block reorg transaction resurrection.
Fix non-standard disconnected transactions causing mempool orphans.
This bug could cause nodes running with the -debug flag to crash.
OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.
Linux: clicking on bitcoin: links was broken if you were using
a Gnome-based desktop.
Fix a hang-at-shutdown bug that only affects users that compile
their own version of Bitcoin against Boost versions 1.50-1.52.
Other changes
-------------
Checkpoint at block 250,000 to speed up initial block downloads
and make the progress indicator when downloading more accurate.
Thanks to everybody who contributed to the 0.8.4 releases!
----------------------------------------------------------
Pieter Wuille
Warren Togami
Patrick Strateman
pakt
Gregory Maxwell
Sergio Demian Lerner
grayleonard
Cory Fields
Matt Corallo
Gavin Andresen
[-- Attachment #2: Type: text/html, Size: 4103 bytes --]
reply other threads:[~2013-09-04 1:16 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABsx9T1hwD3psM14mGKwWpk3RwZTXJviP=AtcHWpBeYbAB410A@mail.gmail.com' \
--to=gavin@bitcoinfoundation$(echo .)org \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox