![Security Alert – [Previous security patch can lead to invalid state root on Go clients with a specific transaction sequence – Fixed. Please update.]](https://i0.wp.com/blog.ethereum.org/images/eth-org.jpeg?w=1068&resize=1068,0&ssl=1 "Security Alert – [Previous security patch can lead to invalid state root on Go clients with a specific transaction sequence – Fixed. Please update.]")
Summary: Implementation bug in the go client may lead to invalid state
Affected client versions: Latest (unpatched) versions of Go client; v1.1.2, v1.0.4 tags and develop, master branches before September 9.
Likelihood: Low
Severity: High
Impact: High
Details: Go ethereum client does not correctly restore state of execution environment when a transaction goes out-of-gas if – within the same block – a contract was suicided. This would result in an invalid copy operation of the state object; flagging the contract as not deleted. This operation would cause a consensus issue between the other implementations.
Effects on expected chain reorganisation depth: none
Remedial action taken by Ethereum: Provision of hotfixes as below.
Proposed temporary workaround: Use Python or C++ client
If using the PPA: sudo apt-get update then sudo apt-get upgrade
If using brew: brew update then brew reinstall ethereum
If using a windows binary: download the updated binary from https://github.com/ethereum/go-ethereum/releases/tag/v1.1.3
Master branch commit: https://github.com/ethereum/go-ethereum/commit/9ebe787d3afe35902a639bf7c1fd68d1e591622a
If you’re building from source: git fetch origin && git checkout origin/master followed by a make geth
