[Slackbuilds-users] Electrum Advisory

Willy Sudiarto Raharjo willysr at slackbuilds.org
Tue Jan 9 23:23:35 UTC 2018


Hi

One user came to me to warn that current Electrum in SBo is vulnerable
to JSONRPC bug
(https://github.com/spesmilo/electrum-docs/blob/master/cve.rst). This
affect all Electrum 2.x and 3.x until 3.0.4. Version 3.0.5 fixed this
completely.

Unfortunately upgrading to Electrum 3.x is not that easy as upstream
moved to Python 3 and Qt5 completely. Some scripts doesn't have Python3
support so this is an on-progress work of adding Python3 support in some
scripts and when it's done, i can test for 3.x. Until then, we are stuck
with Electrum 2.9.3.

Meanwhile, users who are using Electrum should use the following advice:

Users who did not protect their wallet with a password should create a
new wallet, and move their funds to that wallet. Even if it never
received any funds, a wallet without password should not be used
anymore, because its seed might have been compromised.

In addition, users should review their settings, and delete all contacts
from their contacts list, because the Bitcoin addresses of their
contacts might have been modified.

If Electrum 3.0.5 (or any later version) cannot be installed or does not
work on your computer, stop using Electrum on that computer, and access
your funds from a device that can run Electrum 3.0.5. If you really need
to use an older version of Electrum, for example in order to access
wallet seed, make sure that your computer is offline, and that no web
browser is running on the computer at the same time.


-- 
Willy Sudiarto Raharjo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20180110/944d9c2b/attachment.asc>


More information about the SlackBuilds-users mailing list