Affected configurations: All Go client versions
Likelihood: Very low
Severity: High
Details: A bug in Geth (and potentially other clients) may suffer from a DoS attack and allows remote attackers to stall synchronisation process almost indefinitely by supplying a valid, lighter chain. More information will be given out a later time including the report that was submitted through the bug bounty program.
Effects on expected chain reorganisation depth: None
Proposed temporary workaround: None
Remedial action taken by Ethereum: Provision of hotfixes as below:
If you're using Mist: download the updated binary from the release page
If using the PPA: sudo apt-get update then sudo apt-get upgrade
If using brew: brew update then brew reinstall ethereum
If using a windows binary: download the updated binary from the release page
If you are building from source: git pull followed by make geth (please use the Master branch 94ad694a26ca3f7776ec8240802596755e5d5c0a)