This is a critical security release that all node operators are strongly recommended to install.
This version incorporates crucial security patches from go-ethereum v1.16.8, addressing two vulnerabilities in the P2P layer.
Security Fixes:
The first vulnerability involved a potential memory leak. A malicious peer could send a transaction with an invalid KZG proof, causing the receiving node to leak a small amount of memory. This fix prevents the leak by dropping peers that send such invalid proofs.
The second issue could have allowed a malformed P2P protocol handshake message to crash a node. The patch corrects the handling of ECIES encryption parameters (using the correct AES blocksize) to prevent this potential crash scenario.
This release ports critical security fixes from go-ethereum [v1.16.8](https://github.com/ethereum/go-ethereum/releases/tag/v1.16.8), resolving two P2P vulnerabilities. It is recommended for all users. ## Changelog ### BUGFIX core/txpool: drop peers on invalid KZG proofs crypto/ecies: use aes blocksize ## Assets | Assets | Sha256 Checksum | | :-----------: |------------| | mainnet.zip | 522cb9902437df2368008b28bebb6b5c35ec026bf2ec41af40117ff507f53fa7 | | testnet.zip | 0d9de8b7f1bafc36711eed80e97bf33f906fadc2ceb5457361645941d7ad19f7 | | geth_linux | fbdb8ef71be5cb392e689a8d54dea10667feaaa03d2889173263a0dd209877e0 | | geth_mac | 50c1144d2d48c20c5f3f2896e7f4878ef6df26e41910248684de1a6a1b9f8fd7 | | geth_windows | 31f620d87d02d167ae443387ccc92b8c8995786116d4573c50080012d46adf4d | | geth_linux_arm64 | 6ebd4b8fcfc6fe0a141df8d445fccdc2d5b25ea321763cfd59f06a5597ce7105 |