This is a security release that ports critical fixes from go-ethereum v1.16.9, resolving two P2P vulnerabilities.
These vulnerabilities could allow a remote attacker to crash a node by sending a specially crafted message, leading to a Denial of Service (DoS) condition. The patches address improper handling of invalid cryptographic data in the following areas:
- A fix for coordinate checks in `crypto/secp256k1`.
- A fix for invalid-curve handling in `crypto/ecies`.
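Both changelog items concern validation of peer-supplied curve points. The Go sketch below is an added illustration of that class of check for secp256k1; it is not go-ethereum's or this project's code and does not describe the patched functions. `ValidatePoint`, `hexInt` and the invalid sample inputs are hypothetical and constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 field prime: p = 2^256 - 2^32 - 977 (curve: y^2 = x^3 + 7 mod p).
var fieldP = func() *big.Int {
	p := new(big.Int).Lsh(big.NewInt(1), 256)
	p.Sub(p, new(big.Int).Lsh(big.NewInt(1), 32))
	return p.Sub(p, big.NewInt(977))
}()

func hexInt(s string) *big.Int { v, _ := new(big.Int).SetString(s, 16); return v }

// Standard secp256k1 generator, used here as a known-valid point.
var (
	genX = hexInt("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")
	genY = hexInt("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")
)

// ValidatePoint (hypothetical helper) rejects untrusted coordinates before any
// scalar multiplication or ECDH, returning an error rather than panicking.
func ValidatePoint(x, y *big.Int) error {
	if x == nil || y == nil {
		return errors.New("missing coordinate")
	}
	// Range check: coordinates must be canonical field elements, 0 <= v < p.
	// Without it, x+p would reduce to a valid x and pass the equation below.
	if x.Sign() < 0 || y.Sign() < 0 || x.Cmp(fieldP) >= 0 || y.Cmp(fieldP) >= 0 {
		return errors.New("coordinate out of field range")
	}
	// Curve check: y^2 == x^3 + 7 (mod p). This also rejects (0, 0).
	lhs := new(big.Int).Exp(y, big.NewInt(2), fieldP)
	rhs := new(big.Int).Exp(x, big.NewInt(3), fieldP)
	rhs.Add(rhs, big.NewInt(7)).Mod(rhs, fieldP)
	if lhs.Cmp(rhs) != 0 {
		return errors.New("point is not on secp256k1")
	}
	return nil
}

func main() {
	one := big.NewInt(1)
	fmt.Println("generator:", ValidatePoint(genX, genY))
	fmt.Println("y+1 (off curve):", ValidatePoint(genX, new(big.Int).Add(genY, one)))
	fmt.Println("x+p (non-canonical):", ValidatePoint(new(big.Int).Add(genX, fieldP), genY))
}
```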
While this is not a mandatory update, upgrading is highly recommended for all users to ensure node stability and security. The upgrade process is a simple binary replacement for users on v1.6.x or newer.
## MetaInfo

- Mandatory Update Required: NO
- Target Audience: all users
- Procedure: a simple binary replacement should be good from v1.6.x
- Schedule (Timeline): no scheduled upgrade timeline, but we recommend upgrading.

## Description

This release ports critical security fixes from go-ethereum [v1.16.9](https://github.com/ethereum/go-ethereum/releases/v1.16.9), resolving two P2P vulnerabilities.

## Changelog

### BUGFIX

- crypto/secp256k1: fix coordinate check
- crypto/ecies: fix ECIES invalid-curve handling

## Assets

| Assets | Sha256 Checksum |
| :-----------: |------------|
| mainnet.zip | 522cb9902437df2368008b28bebb6b5c35ec026bf2ec41af40117ff507f53fa7 |
| testnet.zip | 0d9de8b7f1bafc36711eed80e97bf33f906fadc2ceb5457361645941d7ad19f7 |
| geth_linux | def582a69d3bdd1bc5db3f1d0ad320368da8a0bbfb5bdc11cdaef91f00664cc9 |
| geth_mac | 94579c1e2c6ce9cd38fc7ad612f0bebada50637e8de38f8cb37ba42e9ab3d818 |
| geth_windows | b35df1473a23c2220f5b12b7c380267ff624ae3ba6ad59cc10e7b69a6c253607 |
| geth_linux_arm64 | a042a7b798c5a149bb52f39927ece3ad895bded4671192e4b213efd4f9c68bb9 |