Impacted configurations: All Versions of the Go client
Probability: Extremely low
Impact Level: Severe
Information: A defect in Geth (and possibly other clients) may be vulnerable to a DoS attack, enabling remote adversaries to disrupt the synchronization process nearly indefinitely by providing a valid, lighter chain. Further information will be disclosed at a later time, including the report that was submitted through the bug bounty initiative.
Impact on anticipated chain reorganization depth: None
Recommended temporary solution: None
Actions taken by Ethereum to address the issue: Provision of hotfixes as listed below:
For users of Mist: download the revised binary from the release page
For PPA users: sudo apt-get update then sudo apt-get upgrade
For brew users: brew update then brew reinstall ethereum
For those utilizing a Windows binary: download the updated binary from the release page
If you are compiling from source: git pull then make geth (please utilize the Master branch 94ad694a26ca3f7776ec8240802596755e5d5c0a)