Security Alert – Geth suffers from a very low probable DoS attack vector – Update immediately
Posted by Jeffrey Wilcke on May 17th, 2016.
Affected configurations: All Go client versions
Likelihood: Very low
Severity: High
Details: A bug in Geth (and potentially other clients) may suffer from a DoS attack and allows remote attackers to stall synchronisation process almost indefinitely by supplying a valid, lighter chain. More information will be given out a later time including the report that was submitted through the bug bounty program.
Effects on expected chain reorganisation depth: None
Proposed temporary workaround: None
Remedial action taken by Ethereum: Provision of hotfixes as below:
...
See:
https://blog.ethereum.org/2016/05/17/security-alert-geth-suffers-from-a-very-low-probable-dos-attack-vector-update-immediately/and
Wallet 0.7.4 (Beta 18)
@alexvandesande alexvandesande released this 8 days ago · 67 commits to master since this release
This is a security release. The details on the security issues are described on this blog post.
This is the first release to include geth 1.4 wich should come with some performance improvements and connection fixes.
See:
https://github.com/ethereum/mist/releases/tag/0.7.4Best wishes to all Ether fans!
bitfish