Bitcoin Forum
Topic: URGENT: Windows Bitcoin-Qt update
Gavin Andresen
Chief Scientist


March 17, 2012, 12:17:15 AM
 #1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A potential security vulnerability has been discovered in the Windows
version of Bitcoin-Qt. If you are running Bitcoin-Qt versions 0.5
through 0.6 on Windows you should shut it down and upgrade to either
version 0.5.3.1 or 0.6rc4 NOW.

The command-line bitcoin daemon (bitcoind), Mac and Linux versions of
Bitcoin-Qt, and versions prior to 0.5 are not affected.

Due to the nature of the vulnerability, we believe it would be very
difficult for an attacker to do anything more than crash the
Bitcoin-Qt process. However, because there is a possibility of such a
crash causing remote code execution we consider this a critical issue.

Binaries are available at SourceForge:
https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.0/test/
https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.5.3/

If you have questions, feel free to drop by the #bitcoin-dev channel
on FreeNode IRC.

- --
Gavin Andresen
Gregory Maxwell
Matt Corallo
Nils Schneider
Wladimir J. van der Laan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9j12IACgkQdYgkL74406iIyQCfbxFTO3yD4Q2bHDjPlDuJn3Mj
9GAAn3mV+ggo+5q1Ujd0A5zwpFYojkE2
=g1Ad
-----END PGP SIGNATURE-----

Will I see you in Amsterdam?
  http://bitcoin2014.com/
mcorlett
March 17, 2012, 12:21:41 AM
 #2

Can we get more information on the nature of the vulnerability itself, please?

JackRabiit
March 17, 2012, 12:32:38 AM
 #3

when was this discovered?!

kentrolla
March 17, 2012, 12:37:01 AM
 #4

that's nuts....... can this affect any other processes?

Retired
March 17, 2012, 12:37:40 AM
 #5

I assume you are not publishing more detailed information on purpose, right? And, as JackRabiit asked, when was this discovered?

"A business that makes nothing but money is a poor business"  - Henry Ford
fanquake
March 17, 2012, 12:38:23 AM
 #6

> Can we get more information on the nature of the vulnerability itself, please?
You can check out Github.

> I assume you are not publishing more detailed information on purpose, right? And, as JackRabiit asked, when was this discovered?
I would say some time in the last day or so..

Join #bitcoin-aus on Freenode
12eb1xeCnDE1F64vXkvoqq6MrAuSqaCBMG
Clipse
March 17, 2012, 12:47:27 AM
 #7

bitcoin.org lists the 0.5.3.1 update posted for 16 April 2012, perhaps correct that.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
apetersson
March 17, 2012, 01:01:31 AM
 #8

about 3 days ago i was commenting on the language choice.
from a software architecture standpoint other languages than c++ would make more sense in such a sensitive area.

i am not suggesting that it should be rewritten. but i think it is very important that alternative implementations like BitcoinJ, multibit, armory, electrum exist.
ThiagoCMC
March 17, 2012, 01:17:34 AM
 #9

> about 3 days ago i was commenting on the language choice.
> from a software architecture standpoint other languages than c++ would make more sense in such a sensitive area.
>
> i am not suggesting that it should be rewritten. but i think it is very important that alternative implementations like BitcoinJ, multibit, armory, electrum exist.

The most important re-implementation of Satoshi's original code, from my point of view, is Libcoin from Michael Grønager.

* Bitfication.com! Turn your fiat, into bits!
mcorlett
March 17, 2012, 01:18:19 AM
 #10

> > Can we get more information on the nature of the vulnerability itself, please?
> You can check out Github.
Did you check before posting? There is no relevant commit to the main branch.

Luke-Jr
March 17, 2012, 01:20:55 AM
 #11

> The most important re-implementation of Satoshi's original code, from my point of view, is Libcoin from Michael Grønager.
Libcoin is not a reimplementation, it is just the Satoshi client made into a library. Perhaps you meant Amir's libbitcoin?

cypherdoc
March 17, 2012, 01:22:57 AM
 #12

are the backups in 0.6.0 for windows encrypted?
Luke-Jr
March 17, 2012, 01:24:25 AM
 #13

> are the backups in 0.6.0 for windows encrypted?
No

fanquake
March 17, 2012, 01:24:59 AM
 #14

> > > Can we get more information on the nature of the vulnerability itself, please?
> > You can check out Github.
> Did you check before posting? There is no relevant commit to the main branch.
Isn't this it https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831

Join #bitcoin-aus on Freenode
12eb1xeCnDE1F64vXkvoqq6MrAuSqaCBMG
cypherdoc
March 17, 2012, 01:29:30 AM
 #15

> > are the backups in 0.6.0 for windows encrypted?
> No

why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.
wumpus
March 17, 2012, 01:29:56 AM
 #16

> why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.
yes, it's simply a copy

Bitcoin Core developer [PGP]  Tips: 1L125pF2e7himW43Qu752ZFLtBLicxQmng Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
Luke-Jr
March 17, 2012, 01:32:14 AM
 #17

> > > are the backups in 0.6.0 for windows encrypted?
> > No
>
> why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.
Encrypted wallets aren't really encrypted entirely. Only your private keys are. There's still a lot of sensitive data in there you probably don't want public.

grue
March 17, 2012, 01:38:35 AM
 #18

so all the 0.4.* versions are still safe, right?

1ELvnrA6PhUyDBS6iR25K1Xx4xXL6VMfJX
Luke-Jr
March 17, 2012, 01:47:16 AM
 #19

> so all the 0.4.* versions are still safe, right?
For this specific bug, yes. But wxBitcoin (the GUI in 0.4.x) is not maintained or supported at all, so it likely has other unfixed vulnerabilities.

da2ce7
March 17, 2012, 02:03:55 AM
 #20

If the installer ain't working for you... Make sure you select 'Run As Administrator'.

Users who wisely don't run as a super user will get the error 'cannot access file' instead of a prompt for an escalation of privileges.

Banking Software? I develop it: Open-Transactions
       Windows Open-Transactions Builds