How to upgrade Bitcoin daemon in ubuntu 12.04?


I am currently having Bitcoin daemon version 0.9.0 and bitcoind getinfo shows error like "Upgrade required"

{ "version" : 90000, ... "errors" : "URGENT: Upgrade required: see" }

How to upgrade Bitcoin daemon in ubuntu 12.04 and want to know daemon is sync blocks once again needed?


Posted 2014-04-18T07:30:21.557

Reputation: 481




The Ubuntu PPA has been updated with packages for Bitcoin Core 0.9.1. Ironically, they make the upgrade warning go away, but they do not fix the problem!

The Bitcoin Core packages for Ubuntu do not include a dependency on a fixed version of the OpenSSL libraries. Therefore, if you have not upgraded OpenSSL on your Ubuntu system, you will still be able to install the Bitcoin Core 0.9.1 packages. It runs just fine, and displays no warnings, yet is still vulnerable.

So upgrading to the Bitcoin Core 0.9.1 packages is neither necessary nor sufficient to remove the vulnerability. The one and only thing to do is to upgrade OpenSSL, and then (other than the warning message) it does not matter whether you use 0.9.0 or 0.9.1. Bitcoin 0.9.1 has absolutely no functional changes versus 0.9.0 (I diffed the sources).

To summarize:

  • Bitcoin 0.9.1, new OpenSSL: Not vulnerable, no warning

  • Bitcoin 0.9.0, new OpenSSL: Not vulnerable, displays warning

  • Bitcoin 0.9.1, old OpenSSL: Vulnerable, no warning

  • Bitcoin 0.9.0, old OpenSSL: Vulnerable, displays warning.

I will try to find the proper place to report this as a bug.

Previous discussion

The Heartbleed bug is not in bitcoind itself, but in the OpenSSL system library on which it depends. The bug is "fixed" in Bitcoin Core 0.9.1, but all they did was to require the use of OpenSSL 1.0.1g, which incorporates the actual fix.

However, Ubuntu has not updated their distributed version of OpenSSL to 1.0.1g; instead, they have patched the version that they are using. The patched version is 1.0.1-4ubuntu5.12. Ubuntu's security advisory is posted at

Possibly as a result of this, Ubuntu packages for Bitcoin Core 0.9.1 have apparently not been created; but if you upgrade your OpenSSL libraries, it is not necessary to upgrade Bitcoin Core.

If you have the precise-security repository in your software sources (or in /etc/apt/sources.list), all you need to do is install the updates as you normally would, using either the update manager or aptitude update; aptitude upgrade. If you have unattended upgrades enabled, this has probably happened already. You can check the installed version by running dpkg -l libssl1.0.0.

Once this is done, you should restart bitcoind. (In fact, if possible you should probably reboot the system, to ensure that other potentially vulnerable services are also restarted.)

In general, upgrading Bitcoin Core does not require you to re-download the block chain.

Nate Eldredge

Posted 2014-04-18T07:30:21.557

Reputation: 22 182

I did all you wrote, but bitcoind still reports an error: "URGENT: Upgrade required: see"

– Hubert Schölnast – 2014-04-18T15:40:17.393

The warning will still appear since it only checks the version number of Bitcoin Core, but once OpenSSL is upgraded, the warning can be ignored. – Nate Eldredge – 2014-04-18T15:44:03.327

"Error", "URGENT" - Does not sound like a harmless warning that can be ignored. To me this sounds as if bitcoind had detected a really grievous and serious problem. I wish there was a package for version 0.9.1 for Ubuntu 12.04. – Hubert Schölnast – 2014-04-18T17:23:00.310

Nate, why should I trust you more than the error message? – Hubert Schölnast – 2014-04-19T07:39:21.670

@Hubert: All of this software is open source; you can verify that all the changes made are as I have said, and I would encourage you to do so rather than taking my word. Other options include finding another way to upgrade, or to stop using Bitcoin for a while, or find another client you trust more. – Nate Eldredge – 2014-04-19T13:40:16.437

@HubertSchölnast: Please see my update. It appears you can't actually trust the error message at all. – Nate Eldredge – 2014-04-20T15:21:54.953

@NateEldredge Added sudo add-apt-repository ppa:bitcoin/bitcoin & sudo apt-get update then install sudo apt-get install bitcoin gives followin E: Unable to locate package bitcoin – M.R – 2014-04-22T07:53:04.033

@M.R: the packages are named bitcoin-qt and bitcoind. – Nate Eldredge – 2014-04-22T14:55:16.013