Gavin Andresen (OP)
Legendary
Offline
Activity: 1652
Merit: 2300
Chief Scientist
|
|
June 25, 2013, 05:59:17 PM |
|
Bitcoin-Qt version 0.8.3 is now available from: http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.3/This is a maintenance release to fix a denial-of-service attack that can cause nodes to crash. Please report bugs using the issue tracker at github: https://github.com/bitcoin/bitcoin/issues0.8.3 Release notesTruncate over-size messages to prevent a memory exhaustion attack. Fix a regression that causes excessive re-writing of the 'peers.dat' file.
Thanks to Peter Todd for responsibly disclosing the vulnerability ( CVE-2013-4627 ) and creating a fix.
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
inbox
|
|
June 25, 2013, 06:09:35 PM |
|
Nice update. Thanks for this. Bitcoin-Qt continues to be one of my favorite wallets.
|
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
June 25, 2013, 06:15:48 PM |
|
Thanks for the continued excellent work.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
Fizzgig
|
|
June 25, 2013, 06:30:09 PM |
|
May we all remember the temporary solutions and keep an eye toward the future where Bitcoin is open and accessible to all. Thank you for all your work.
|
Best Bitcoin supported browser game: Minethings: Dig, Trade, and Fight your way to influence!
|
|
|
jaminunit
Member
Offline
Activity: 132
Merit: 14
Co-Founder of TheStandard.io & Vaultoro.com
|
|
June 25, 2013, 06:32:54 PM |
|
Cool! I look forward to seeing what you create in the heat and rain of far north Queensland Australia:)
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
June 25, 2013, 06:39:27 PM |
|
Truncate over-size messages to prevent a memory exhaustion attack. So that's what was happening. I thought my node kept crashing because I just hadn't allocated enough to memory to the VM it was running in.
|
|
|
|
dillpicklechips
|
|
June 25, 2013, 06:46:17 PM |
|
Truncate over-size messages to prevent a memory exhaustion attack.
.... Thanks to Peter Todd for responsibly disclosing the vulnerability ( CVE-2013-4627 ) and creating a fix.
Any idea on if the attack was used or it's impact at the time?
|
|
|
|
rme
|
|
June 25, 2013, 06:53:00 PM |
|
Good work, Gavin, keep working Thanks
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1099
|
|
June 25, 2013, 06:55:07 PM |
|
Any idea on if the attack was used or it's impact at the time?
Yes, it was used. Some lower memory nodes crashed.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
ct1aic
|
|
June 25, 2013, 07:11:53 PM |
|
Bitcoin-Qt version 0.8.3 is now available from: http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.3/This is a maintenance release to fix a denial-of-service attack that can cause nodes to crash. Please report bugs using the issue tracker at github: https://github.com/bitcoin/bitcoin/issues0.8.3 Release notesTruncate over-size messages to prevent a memory exhaustion attack. Fix a regression that causes excessive re-writing of the 'peers.dat' file.
Thanks to Peter Todd for responsibly disclosing the vulnerability ( CVE-2013-4627 ) and creating a fix. Many thanks for this update.
|
Rui Costa, Portugal - BTC : 1ct1aicGoUVpZeovsw3cCcPJZJHV5JXtW
|
|
|
Gyrsur
Legendary
Offline
Activity: 2856
Merit: 1520
Bitcoin Legal Tender Countries: 2 of 206
|
|
June 25, 2013, 07:12:09 PM |
|
Thank you very much, all!
|
|
|
|
simondlr
|
|
June 25, 2013, 07:14:48 PM |
|
Quick question.
I was running bitcoind on a EC2 micro instance, and it kept crashing. I assumed it was due to low memory. I've since upgraded to a small instance.
Is it possible the crashes were due to these attacks and it can actually run fine on a micro instance?
Can anyone possibly back this up? Or does micro instances simply have too little RAM to feasibly run it? Otherwise going to try and run bitcoind on a micro instance again to see what happens.
Thanks for all the dev work!
|
|
|
|
polrpaul
Full Member
Offline
Activity: 238
Merit: 100
Love the Bitcoin.
|
|
June 25, 2013, 07:17:08 PM |
|
Good work dev team!
|
|
|
|
nmersulypnem
|
|
June 25, 2013, 07:18:37 PM |
|
Any idea on if the attack was used or it's impact at the time?
Yes, it was used. Some lower memory nodes crashed. Does the fix limit any functionality?
|
|
|
|
|
donut
|
|
June 25, 2013, 07:29:28 PM |
|
Any idea on if the attack was used or it's impact at the time?
Yes, it was used. Some lower memory nodes crashed. Does the fix limit any functionality? What do you think this means? "Truncate over-size messages to prevent a memory exhaustion attack."
|
|
|
|
HeroC
Legendary
Offline
Activity: 858
Merit: 1000
|
|
June 25, 2013, 08:00:50 PM Last edit: June 26, 2013, 02:15:01 AM by HeroC |
|
Yay! Honestly, I have no idea what that means, but it seems like security fixes, so good job!
|
|
|
|
tinus42
|
|
June 25, 2013, 08:08:30 PM |
|
Thanks for the update. Minor remark: I use -datadir as an option to keep my coins in a non standard directory (as an extra security measure against wallet stealers) and when I install a new version it removes the flag in the shortcut. So I have to manually add it again after the update. Would be nice if it was kept by the update.
|
|
|
|
bbulker
|
|
June 25, 2013, 11:05:01 PM |
|
Thank you, dev-team.
|
|
|
|
lechugo
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 25, 2013, 11:43:43 PM |
|
Thanks guys for update!!
|
|
|
|
|