Summary: Erroneous implementation of BLOCKHASH can trigger a chain reorganisation leading to consensus problems
Affected configurations: All geth versions up to 1.1.3 and 1.2.2. All eth versions prior to 1.0.0.
Likelihood: Low
Severity: Medium
Impact: Medium
Details: Both C++ (eth) and Go (geth) clients have an erroneous implementation of an edge case in the Ethereum virtual machine, specifically which chain the BLOCKHASH instruction uses for retrieving a block hash. This edge case is very unlikely to happen on a live network as it would only be triggered in certain types of chain reorganisations (a contract executing BLOCKHASH(N - 1) where N is the head of a non-canonical subchain that is not-yet reorganised to become the canonical (best/longest) chain but will be after the block is processed).
pyethereum is unaffected.
Effects on expected chain reorganisation depth: none
Remedial action taken by Ethereum: Provision of hotfixes as below.
Geth:
PPA: sudo apt-get update then sudo apt-get upgrade