Bug 1179984 (CVE-2020-26265) - [network:cryptocurrencies] CVE-2020-26265: geth: In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versio
Summary: [network:cryptocurrencies] CVE-2020-26265: geth: In Geth from version 1.9.4 a...
Status: RESOLVED FIXED
Alias: CVE-2020-26265
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Minor
Target Milestone: ---
Assignee: Markus Reckwerth
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/273243/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-14 06:28 UTC by Marcus Meissner
Modified: 2020-12-14 07:49 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2020-12-14 06:28:04 UTC 
CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum
protocol. In Geth from version 1.9.4 and before version 1.9.20 a
consensus-vulnerability could cause a chain split, where vulnerable versions
refuse to accept the canonical chain. The fix was included in the Paragade
release version 1.9.20. No individual workaround patches have been made -- all
users are recommended to upgrade to a newer version.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26265
https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4
Comment 1 Markus Reckwerth 2020-12-14 07:49:34 UTC 
geth has been updated to 1.9.25.