forked from hush/hush3
![laanwj@gmail.com](/assets/img/avatar_default.png)
1 changed files with 53 additions and 0 deletions
@ -0,0 +1,53 @@ |
|||
Bitcoin Core version 0.9.1 is now available from: |
|||
|
|||
https://bitcoin.org/bin/0.9.1/ |
|||
|
|||
This is a security update. It is recommended to upgrade to this release |
|||
as soon as possible. |
|||
|
|||
It is especially important to upgrade if you currently have version |
|||
0.9.0 installed and are using the graphical interface OR you are using |
|||
bitcoind from any pre-0.9.1 version, and have enabled SSL for RPC and |
|||
have configured allowip to allow rpc connections from potentially |
|||
hostile hosts. |
|||
|
|||
Please report bugs using the issue tracker at github: |
|||
|
|||
https://github.com/bitcoin/bitcoin/issues |
|||
|
|||
How to Upgrade |
|||
-------------- |
|||
|
|||
If you are running an older version, shut it down. Wait until it has completely |
|||
shut down (which might take a few minutes for older versions), then run the |
|||
installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or |
|||
bitcoind/bitcoin-qt (on Linux). |
|||
|
|||
If you are upgrading from version 0.7.2 or earlier, the first time you run |
|||
0.9.1 your blockchain files will be re-indexed, which will take anywhere from |
|||
30 minutes to several hours, depending on the speed of your machine. |
|||
|
|||
0.9.1 Release notes |
|||
======================= |
|||
|
|||
No code changes were made between 0.9.0 and 0.9.1. Only the dependencies were changed. |
|||
|
|||
- Upgrade OpenSSL to 1.0.1g. This release fixes the following vulnerabilities which can |
|||
affect the Bitcoin Core software: |
|||
|
|||
- CVE-2014-0160 ("heartbleed") |
|||
A missing bounds check in the handling of the TLS heartbeat extension can |
|||
be used to reveal up to 64k of memory to a connected client or server. |
|||
|
|||
- CVE-2014-0076 |
|||
The Montgomery ladder implementation in OpenSSL does not ensure that |
|||
certain swap operations have a constant-time behavior, which makes it |
|||
easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache |
|||
side-channel attack. |
|||
|
|||
- Add statically built executables to Linux build |
|||
|
|||
Credits |
|||
-------- |
|||
|
|||
Credits go to the OpenSSL team for fixing the vulnerabilities quickly. |
Loading…
Reference in new issue