Topic: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required - page 8. (Read 64172 times)
another reason for new investors to avoid bitcoin
If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.Instead, you must upgrade to a fixed OpenSSL version.
Did that glibc problem for linux users get auto-fixed with the 0.9.1 release? Yay! I feared we might be still stuck with 0.9.0's glibc headache:
https://bitcointalksearch.org/topic/m.5795604
... but I just ran the vanilla 0.9.1 in bash in debian wheezy without any trouble at all. Good work devs.
https://bitcointalksearch.org/topic/m.5795604
... but I just ran the vanilla 0.9.1 in bash in debian wheezy without any trouble at all. Good work devs.
Bitcoin 0.9.1 in NOT working with russian version of windows!
I think that it's probably more secure to use an old linux at this point...
Running bitcoind.static I got:
Solution https://www.foresightlinux.se/what-localefacet_s_create_c_locale-name-not-valid/
Running bitcoind.static I got:
Code:
terminate called after throwing an instance of 'std::runtime_error'
what(): locale::facet::_S_create_c_locale name not valid
Solution https://www.foresightlinux.se/what-localefacet_s_create_c_locale-name-not-valid/
I bet the CIA was exploiting this bug for years.
Do I sound like a conspiracy nut?
Do I sound like a conspiracy nut?
Can really the CLIENT KEYs be compromised by this bug?
What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.
Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)
The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?
If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
Bitcoin Core is considered a server / creates what would be considered a server in at least one of the cases highlighted by theymos.What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.
Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)
The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?
If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
And, even if it acted as a client in the other: This vulnerability also affects clients, which is basically why, if a browser you use uses OpenSSL (Android Browser, for example), the server itself can attack you this way.
So yes, what you say in your final sentence is true (at least for browsers using OpenSSL).
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?
Please.
Almost sounds like you've downloaded a source archive. Are you sure you've downloaded https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz , 36MB in size?
I had a quick look at this archive and the executables appear to be there:
bin/32/bitcoin-qt
bin/64/bitcoin-qt
The file I downloaded from your link and the previous link is 47.5 MB. I tried it again with your link, but same result. Bitcoin-qt is not an executable, it is a "shared library (application/x-sharedlib)". I have no program that can execute this file. Fuck. Why didn't they just make an "executable (application/x-executable)" file like version 0.8.5?
Can really the CLIENT KEYs be compromised by this bug?
What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.
Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)
The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?
If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.
Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)
The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?
If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
Why don't the devs send an update notice with the emergency key?
So glad my balance is still there, after the update.
Armory offline and online are both safe right?
I'm using Armory 0.8.x
I'm using Armory 0.8.x
Yes because it doesn't bitcoind rpcssl.
Armory offline and online are both safe right?
I'm using Armory 0.8.x
I'm using Armory 0.8.x
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?
Please.
Almost sounds like you've downloaded a source archive. Are you sure you've downloaded https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz , 36MB in size?
I had a quick look at this archive and the executables appear to be there:
bin/32/bitcoin-qt
bin/64/bitcoin-qt
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?
Please.
Never heard of this "rpcssl" option so I've never used it.
Am I good? Or must I update to 0.9.1?
Thanks guys
The HeartBleed vulnerability has been around ~2 years.Am I good? Or must I update to 0.9.1?
Thanks guys
OpenSSL is the program effected. The OpenSSL team has only discovered this vulnerability yesterday.
It is not specific to bitcoin-qt.
Anytime you have bitcoin-qt open you are potentially at risk.
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9
That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.
Even if you are using RPC you would have had to manually create a SSL private key and SSL cert using openssl and then manually install those by setting params in the bitcoin.conf in order to be be exectuing those RPC calls over SSL.
If all of those sounds foreign the simple answer is unless you already knew you were using RPC over SSL you weren't using it.
I have 0.8.5 version. Should I upgrade too? Backup before upgrade?
As for "backup before upgrade"? ALWAYS backup before upgrade, every single upgrade and periodically between upgrades. You never need to ask that question again because there is never a scenario where if you are deciding if you should make a backup that it would be a bad idea to do so. Always use dates in the names of backups so you don't write over previous versions.I cannot stress this enough! ALWAYS backup before doing anything with your wallet. Between upgrades, when you import keys, etc... And keep the backups in multiple secure places.
Okay, I'm using (According to the debug screen):
v0.8.6-beta
Which has
OpenSSL 1.0.1c 10 May 2012
Never clicked on any "payment" thingys and I've only received BTC and sent BTC from it.
My bitcoin.conf is empty.
Never heard of this "rpcssl" option so I've never used it.
Am I good? Or must I update to 0.9.1?
Thanks guys
v0.8.6-beta
Which has
OpenSSL 1.0.1c 10 May 2012
Never clicked on any "payment" thingys and I've only received BTC and sent BTC from it.
My bitcoin.conf is empty.
Never heard of this "rpcssl" option so I've never used it.
Am I good? Or must I update to 0.9.1?
Thanks guys
Thanks. I already update my wallet regularly with timestamps. I mean will backup process and old backups affected for this? I use vanity addresses I created. Should I create new normal addresses?
I upgraded to 0.9.1 without a problem.
I upgraded to 0.9.1 without a problem.
Reusing addresses is bad anyway, I say start fresh. Don't lose old wallets tho.
Thanks. I already update my wallet regularly with timestamps. I mean will backup process and old backups affected for this? I use vanity addresses I created. Should I create new normal addresses?
I upgraded to 0.9.1 without a problem.
I upgraded to 0.9.1 without a problem.
Jump to: