Ethereum

Security Advisory (Implementation bug in Go and Python clients could lead to DoS – Fixed – Please update your clients)

State transition and consensus issues in the geth client cause panics (crashes) when processing (valid) blocks with certain transaction combinations. This can cause overall network instability if unaffected clients accept and forward such blocks, causing a DoS. This can happen in blocks that contain transactions that perform a SUICIDE to the block reward address.

Configurations affected: Issues with Geth have been reported. While investigating the issue, a related issue was discovered and fixed in pyethereum, so pyethapp is also affected. C++ clients are not affected.

Likelihood: Low

Severity: High

Complexity: High

Effect: Network instability and DoS

Details: Blocks containing a specific combination of transactions that contain one or more SUICIDE calls are valid, but cause a panic crash in the go-ethereum client and a crash in pyethereum. Additional details may be published when available.

Impact on expected chain reorganization depth: None.

Remedial action taken by Ethereum: Fixes are provided below.

Suggested workaround: Switch to an unaffected client such as eth (C++).

Fix: Upgrade your geth and pyethereum client software.

go-ethereum (geth):

The current stable version of geth is 1.1.1. If you’re running 1.0 and use a package manager like apt-get or homebrew, your client will be upgraded.

If you’re using a PPA: sudo apt-get update, then sudo apt-get upgrade

If you use brew: brew update, then brew reinstall ethereum

If you are using Windows binaries: download the updated binaries.

If building from source: git pull, then make geth (please use the master branch, commit 8f09242d7f527972acb1a8b2a61c9f55000e955d)

The correct version for this update on Ubuntu and OSX is Geth/v1.1.1-.8f09242d

pyethereum:

Users of pyethapp will need to reinstall it.

> pip install pyethapp --force-reinstall
