
Bitcoin Core Version 0.9.1 Fixes Heartbleed Vulnerability

Bitcoin Core Version 0.9.1 is out and it has addressed the Heartbleed OpenSSL vulnerability, also known as CVE-2014-0160.

Apr 9, 2014, 10:50 AM
Updated Sep 3, 2021, 11:33 AM

Bitcoin Core Version 0.9.1 is out and it has addressed the Heartbleed OpenSSL vulnerability, also known as CVE-2014-0160. The vulnerability has been patched by major bitcoin exchanges in a matter of hours.

In case you missed it, Heartbleed is a pretty big deal in the security community. The crypto bug in OpenSSL (an open-source implementation of the SSL and TLS internet security protocols that encrypt and secure internet traffic) has opened up two thirds of the web to eavesdropping. It was uncovered earlier this week and many observers described it as nothing short of catastrophic.

Bitcoin players quick to address Heartbleed

Luckily the news quickly translated into industry-wide action: patches are being implemented across the world as we speak.

and wallets are targeted by hackers on a daily basis, so serious bitcoin outfits keep track of zero-day exploits, new attack vectors and a host of other vulnerabilities.

The Bitcoin Core team says version 0.9.1 is a maintenance release to fix an urgent vulnerability (i.e. Heartbleed), and all users should upgrade as soon as possible. Most have heeded the call, and as a result the vast majority of major bitcoin sites and exchanges have implemented the fix.

What is Heartbleed all about?

OpenSSL is the most popular code library for HTTPS encryption. It is not used by Microsoft IIS, so Windows-based systems cannot be directly affected.

While this is good news for most desktop users out there, IT departments would rather have it the other way around. OpenSSL is used on Linux, BSD and numerous custom server platforms. Mac OS X is affected, too. The bug does not affect all versions of OpenSSL, either. Some major banks like Chase and Schwab rely on Microsoft IIS. Others rely on Linux/Apache, Java and other systems.

reports the bug is the result of a “mundane coding error” in OpenSSL. The bug essentially allows attackers to read chunks of the private memory of the process running OpenSSL.

The contents of said memory chunks may include authentication credentials or even private keys that can undermine the website’s entire cryptographic certificate.

Hence, website operators need to patch their servers with OpenSSL version 1.0.1g and update their security certificates. The problem is that the OpenSSL patch is just the first step. Users need to think about replacing their X.509 certificates once they apply the OpenSSL update.

All admins and users are advised to change their passwords as a precaution, because exploitation leaves no trace, and a vulnerability of this scale is unprecedented in OpenSSL.
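The two-step remediation described above (upgrade OpenSSL, then replace certificates) can be tracked per host. This is an added example, not code from the article, OpenSSL or Bitcoin Core; the host names, dates and the functions `is_affected`, `next_step` and `audit` are assumptions made for illustration, and the affected range used (1.0.1 through 1.0.1f) is the upstream one.

```python
import re
from datetime import datetime, timezone

# Upstream OpenSSL 1.0.1 through 1.0.1f carry Heartbleed; 1.0.1g is the fix.
# Assumption: the string comes from an upstream build. Distributions that
# backport the fix keep the old letter, so confirm with the package changelog.
_VERSION_RE = re.compile(r"OpenSSL (\d+\.\d+\.\d+)([a-z]*)")

def is_affected(version_line):
    """True if an `openssl version` line names an affected upstream release."""
    m = _VERSION_RE.search(version_line)
    if m is None:
        raise ValueError(f"unrecognised version line: {version_line!r}")
    base, letter = m.groups()
    return base == "1.0.1" and letter < "g"  # "" (plain 1.0.1) sorts before "a"

def next_step(version_line, cert_not_before, patched_at):
    """Return the remediation step still outstanding for one host.

    cert_not_before: notBefore of the certificate the host serves now.
    patched_at: when the fixed library went live, or None if the host
    never ran an affected release.
    """
    if is_affected(version_line):
        return "upgrade OpenSSL to 1.0.1g"
    if patched_at is None:
        return "nothing to do"
    if cert_not_before <= patched_at:
        # Certificate predates the patch: its key sat in exposed memory.
        return "replace X.509 certificate"
    return "done"

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed inventory (hypothetical host names and dates).
SAMPLE_HOSTS = [
    ("web1", "OpenSSL 1.0.1e 11 Feb 2013", _utc(2013, 6, 1), None),
    ("web2", "OpenSSL 1.0.1g 7 Apr 2014", _utc(2013, 6, 1), _utc(2014, 4, 8)),
    ("web3", "OpenSSL 1.0.1g 7 Apr 2014", _utc(2014, 4, 9), _utc(2014, 4, 8)),
    ("old1", "OpenSSL 0.9.8y 5 Feb 2013", _utc(2012, 1, 1), None),
]

def audit(hosts):
    """Map each host name to its outstanding remediation step."""
    return {name: next_step(v, nb, p) for name, v, nb, p in hosts}

if __name__ == "__main__":
    for host, step in audit(SAMPLE_HOSTS).items():
        print(f"{host}: {step}")
```

A host that reports 1.0.1g but still serves a certificate issued before the upgrade is flagged for certificate replacement, which is the case the article warns about when it calls the patch only the first step.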
