Ubuntu
bitcoin package

bitcoind in 12.04 LTS is obsolete and should be upgraded

Bug #1170915 reported by psl
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bitcoin (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

Ubuntu 12.04.2 LTS

bitcoind in 12.04 LTS is obsolete and should be replaced with newer version.

$ bitcoind -rpcuser=USER -rpcpassword=PASS getinfo
{
"version" : 32400,
...
"errors" : "URGENT: upgrade required, see http://bitcoin.org/dos for details"
}

$ apt-cache show bitcoind

Package: bitcoind
Priority: optional
Section: universe/utils
Installed-Size: 1188
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Jonas Smedegaard <email address hidden>
Architecture: i386
Source: bitcoin
Version: 0.3.24~dfsg-1
...
 Full transaction history is stored locally at each client. This
 requires 150+ MB of space, slowly growing.

The notice in package description about 150+ MB is not correct. Current status is that transaction history needs more than 6GB of space and slowly grows to 12GB... ;-)

CVE References

Revision history for this message
Marc Deslauriers (mdeslaur) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Revision history for this message
shankao (shankao) wrote :

This should be taken as a security problem, as of http://bitcoin.org/en/alert/2012-05-14-dos

Changed in bitcoin (Ubuntu):
status: New → Confirmed
Revision history for this message
Flames_in_Paradise (ellisistfroh-deactivatedaccount) wrote :

This version shouldn't be used any konger:

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bitcoin

Revision history for this message
Flames_in_Paradise (ellisistfroh-deactivatedaccount) wrote :

Another warning:

https://bitcoin.org/en/alert/2014-04-11-heartbleed

Flames_in_Paradise (ellisistfroh-deactivatedaccount)
tags: added: precise upgrade-software-version
information type: Public → Private Security
Revision history for this message
Flames_in_Paradise (ellisistfroh-deactivatedaccount) wrote :

Maybe of some value:

http://packages.qa.debian.org/b/bitcoin.html
->
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Probably of interest to those who find this bug in the future:

https://lists.ubuntu.com/archives/ubuntu-motu/2013-December/007597.html

Thanks

information type: Private Security → Public
Revision history for this message
Thomas Ward (teward) wrote :

This package was removed from 12.04 and replaced with a dummy package. As such, this software has been removed from all later versions of Ubuntu. I am marking it "won't fix" as such.

Changed in bitcoin (Ubuntu):
status: Confirmed → Won't Fix
Revision history for this message
Thomas Ward (teward) wrote :

Please refer to https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1314616 for why this is marked "Won't Fix"

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.