Affected configurations: All Go client versions

Likelihood: Very low

Severity: High

Details: A bug in Geth (and potentially other clients) may suffer from a DoS attack and allows remote attackers to stall synchronisation process almost indefinitely by supplying a valid, lighter chain. More information will be given out a later time including the report that was submitted through the bug bounty program.

Effects on expected chain reorganisation depth: None

Proposed temporary workaround: None

Remedial action taken by Ethereum: Provision of hotfixes as below:

If you’re using Mist: download the updated binary from the release page

If using the PPA: sudo apt-get update then sudo apt-get upgrade

If using brew: brew update then brew reinstall ethereum

If using a windows binary: download the updated binary from the release page