Bitcoin Forum
May 30, 2015, 04:26:44 AM *
News: Change your password!
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: URGENT: Windows Bitcoin-Qt update  (Read 20505 times)
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW

Ignore
March 17, 2012, 12:17:15 AM
 #1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A potential security vulnerability has been discovered in the Windows
version of Bitcoin-Qt. If you are running Bitcoin-Qt versions 0.5
through 0.6 on Windows you should shut it down and upgrade to either
version 0.5.3.1 or 0.6rc4 NOW.

The command-line bitcoin daemon (bitcoind), Mac and Linux versions of
Bitcoin-Qt, and versions prior to 0.5 are not affected.

Due to the nature of the vulnerability, we believe it would be very
difficult for an attacker to do anything more than crash the
Bitcoin-Qt process. However, because there is a possibility of such a
crash causing remote code execution we consider this a critical issue.

Binaries are available at SourceForge:
https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.0/test/
https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.5.3/

If you have questions, feel free to drop by the #bitcoin-dev channel
on FreeNode IRC.

- --
Gavin Andresen
Gregory Maxwell
Matt Corallo
Nils Schneider
Wladimir J. van der Laan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9j12IACgkQdYgkL74406iIyQCfbxFTO3yD4Q2bHDjPlDuJn3Mj
9GAAn3mV+ggo+5q1Ujd0A5zwpFYojkE2
=g1Ad
-----END PGP SIGNATURE-----

How often do you get the chance to work on a potentially world-changing project?

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1432960004
Hero Member
*
Offline Offline

Posts: 1432960004

View Profile Personal Message (Offline)

Ignore
1432960004
Reply with quote  #2

1432960004
Report to moderator
mcorlett
Donator
Sr. Member
*
Offline Offline

Activity: 308



View Profile

Ignore
March 17, 2012, 12:21:41 AM
 #2

Can we get more information on the nature of the vulnerability itself, please?

Fiyasko
Legendary
*
Offline Offline

Activity: 1428


Okey Dokey Lokey


View Profile

Ignore
March 17, 2012, 12:32:38 AM
 #3

when was this discovered?!

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
kentrolla
Hero Member
*****
Offline Offline

Activity: 504


View Profile

Ignore
March 17, 2012, 12:37:01 AM
 #4

thats nuts.......        can this effect any other processes?

Retired
Jr. Member
*
Offline Offline

Activity: 54



View Profile

Ignore
March 17, 2012, 12:37:40 AM
 #5

I assume you are not publishing more detailed information on purpose, right? And, as JackRabiit asked, when was this discovered?

"A business that makes nothing but money is a poor business"  - Henry Ford
fanquake
Donator
Sr. Member
*
Offline Offline

Activity: 378



View Profile

Ignore
March 17, 2012, 12:38:23 AM
 #6

Can we get more information on the nature of the vulnerability itself, please?
You can check out Github.


I assume you are not publishing more detailed information on purpose, right? And, as JackRabiit asked, when was this discovered?
I would say some time in the last day or so..
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile

Ignore
March 17, 2012, 12:47:27 AM
 #7

bitcoin.org lists the 0.5.3.1 update posted for 16 April 2012, perhaps correct that.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
apetersson
Hero Member
*****
Offline Offline

Activity: 666


mycelium.com


View Profile WWW

Ignore
March 17, 2012, 01:01:31 AM
 #8

about 3 days ago i was commenting on the language choice.
from a software architecture standpoint other languages than c++ would make more sense in such a sensitive area.

i am not suggesting that it should be rewritten. but i think it is very important that alternative implementations like BitcoinJ, multibit, armory, electrum exist.
ThiagoCMC
Legendary
*
Offline Offline

Activity: 1148


฿itcoin: Currency of Resistance!


View Profile WWW

Ignore
March 17, 2012, 01:17:34 AM
 #9

about 3 days ago i was commenting on the language choice.
from a software architecture standpoint other languages than c++ would make more sense in such a sensitive area.

i am not suggesting that it should be rewritten. but i think it is very important that alternative implementations like BitcoinJ, multibit, armory, electrum exist.

The most important re-implementation of Satoshi's oroginal code, from my point of view, is Libcoin from Michael Grønager.

* Bitfication.com! Turn your fiat, into bits!
mcorlett
Donator
Sr. Member
*
Offline Offline

Activity: 308



View Profile

Ignore
March 17, 2012, 01:18:19 AM
 #10

Can we get more information on the nature of the vulnerability itself, please?
You can check out Github.
Did you check before posting? There is no relevant commit to the main branch.

Luke-Jr
Legendary
*
Offline Offline

Activity: 1610



View Profile

Ignore
March 17, 2012, 01:20:55 AM
 #11

The most important re-implementation of Satoshi's oroginal code, from my point of view, is Libcoin from Michael Grønager.
Libcoin is not a reimplementation, it is just the Satoshi client made into a library. Perhaps you meant Amir's libbitcoin?

cypherdoc
Legendary
*
Offline Offline

Activity: 1526



View Profile

Ignore
March 17, 2012, 01:22:57 AM
 #12

are the backups in 0.6.0 for windows encrypted?
Luke-Jr
Legendary
*
Offline Offline

Activity: 1610



View Profile

Ignore
March 17, 2012, 01:24:25 AM
 #13

are the backups in 0.6.0 for windows encrypted?
No

fanquake
Donator
Sr. Member
*
Offline Offline

Activity: 378



View Profile

Ignore
March 17, 2012, 01:24:59 AM
 #14

Can we get more information on the nature of the vulnerability itself, please?
You can check out Github.
Did you check before posting? There is no relevant commit to the main branch.
Isn't this it https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831
cypherdoc
Legendary
*
Offline Offline

Activity: 1526



View Profile

Ignore
March 17, 2012, 01:29:30 AM
 #15

are the backups in 0.6.0 for windows encrypted?
No

why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile

Ignore
March 17, 2012, 01:29:56 AM
 #16

why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.
yes, it's simply a copy

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
Luke-Jr
Legendary
*
Offline Offline

Activity: 1610



View Profile

Ignore
March 17, 2012, 01:32:14 AM
 #17

are the backups in 0.6.0 for windows encrypted?
No

why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.
Encrypted wallets aren't really encrypted entirely. Only your private keys are. There's still a lot of sensitive data in there you probably don't want public.

grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1442



View Profile

Ignore
March 17, 2012, 01:38:35 AM
 #18

so all the 0.4.* versions are still safe, right?

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Luke-Jr
Legendary
*
Offline Offline

Activity: 1610



View Profile

Ignore
March 17, 2012, 01:47:16 AM
 #19

so all the 0.4.* versions are still safe, right?
For this specific bug, yes. But wxBitcoin (the GUI in 0.4.x) is not maintained or supported at all, so it likely has other unfixed vulnerabilities.

da2ce7
Legendary
*
Online Online

Activity: 1134


Live and Let Live


View Profile

Ignore
March 17, 2012, 02:03:55 AM
 #20

If the installer ain't working for you... Make sure you select 'Run As Administrator'.

Users whom wisely don't run as a super user, will get the error 'cannot access file.'  Instead of a prompt for an escalation of privileges.

One off NP-Hard.
Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!