Quantcast
Channel: EldoS News
Viewing all 41 articles
Browse latest View live

BizCrypto 14 has been updated

February 5, 2016, 9:00 pm
$
0
0
BizCrypto has been updated to version 14.0.287, which updates the backend security library.
Search

Callback File System 6.0 updated

February 10, 2016, 9:00 pm
$
0
0
Callback File System version 6.0.173 with various fixes is available.

CallbackProcess updated

February 14, 2016, 9:00 pm
$
0
0
CallbackProcess version 1.0.6 is available for download and use.

CallbackFilter 4.1 is available

February 18, 2016, 9:00 pm
$
0
0
Minor update of CallbackFilter 4 is available for download.

SecureBlackbox 14: maintenance update available

February 25, 2016, 9:00 pm
$
0
0
New maintenance update to SecureBlackbox 14 contains improvements in various packages.

SecureBlackbox: for those affected by February 29 issue

February 29, 2016, 1:33 am
$
0
0

We apologise to all our customers affected by the February 29 issue in SecureBlackbox TElHTTPSClient component. We have localised the problem and are now directing all our efforts to have the fix ready as quickly as possible.

For now we can confirm that the problem affects VCL, NG, C++ and PHP editions. .NET and Java editions are clear of the issue.

We are sorry for the inconveniences the issue might have caused.

UPDATE 1 (09:51)

Those our customers who compile SecureBlackbox from source code can apply the following patch to SBUtils.pas unit to get rid of the issue:

1. Open your SBUtils.pas unit.

2. Find the implementation of DateTimeAddYears() function.

3. Replace the implementation (the whole function including the headers, begin and end) with the following piece of code:

----- PATCH BLOCK START -----
function DateTimeIsLeapYear(Year: Integer): Boolean;
begin
  Result := (Year mod 4 = 0) and ((Year mod 100 <> 0) or (Year mod 400 = 0));
end;

function DateTimeAddYears(DateTime: TElDateTime; Years: Integer): TElDateTime;
var
  Year, Month, Day: Word;
begin
  DecodeDate(DateTime, Year, Month, Day);
  Inc(Year, Years);
  if (Month = 2) and (Day = 29) and not DateTimeIsLeapYear(Year) then
    Day := 28;
  Result := EncodeDate(Year, Month, Day) + Frac(DateTime);
end;
----- PATCH BLOCK END -----

Please apply the patch and recompile your project to get use of the fix.


UPDATE 2 (10:25)

Some details of the issue:

The issue is caused by mishandling of leap years in internal SecureBlackbox date handling routine. Unfortunately, the architectural specifics of the library results in the error affecting a higher level TElHTTPSClient component, making it crash in its constructor. So, essentially, the problem leads to broken HTTPS connectivity and it seems to be the only (quite major though) consequence by far. February 29 is the only date affected, with TElHTTPSClient's behaviour getting back to normal on the 1st of March (in no way this is an excuse).

The issue doesn't appear to be exploitable and doesn't involve any straightforward data loss or disclosure. It's only the connectivity side that is affected.

We would like to thank our customers for your patience. Official hot fix updates are being prepared at the moment, and we hope to make them available soon. We are really sorry about the problems this issue might have caused you.

A word about SecureBlackbox "leap year" issue

February 29, 2016, 9:00 pm
$
0
0
The details, comments and plans about yesterday's issue with the leap year in SecureBlackbox.

New build of CallbackFilter available

March 6, 2016, 2:00 pm
$
0
0
New build of CallbackFilter 4.1 is available for download.
Search

Callback File System 6.1 beta is available

March 11, 2016, 2:00 pm
$
0
0
The public beta version of Callback File System 6.1 is available for testing.

SecureBlackbox 14: maintenance update available

March 19, 2016, 3:00 pm
$
0
0
New maintenance update to SecureBlackbox 14 contains improvements and updates in PDF package.

BizCrypto 14 has been updated

March 19, 2016, 3:00 pm
$
0
0
BizCrypto has been updated to version 14.0.290, which updates the backend security library.

Callback File System 6.1 pre-release is available

March 26, 2016, 2:00 pm
$
0
0
The pre-release version of Callback File System 6.1 is available for download and use.

Regarding security alerts for EldoS products

April 4, 2016, 2:00 pm
$
0
0
If you want to be notified about security-related news, related to our products, and not about other news, we have created a dedicated information channel.

New build of CallbackFilter available

April 15, 2016, 2:00 pm
$
0
0
New build of CallbackFilter 4.1 is available for download.

SecureBlackbox 15 beta 1 is available

April 20, 2016, 2:00 pm
$
0
0
Beta version of SecureBlackbox 15 is available for download and testing.
Search

SFTP Net Drive updated

April 21, 2016, 2:00 pm
$
0
0
New build of SFTP Net Drive application for mounting a remote SFTP server as a local disk is available for download and use.

Callback File System 6.1 released

April 23, 2016, 2:00 pm
$
0
0
Released Callback File System version 6.1 features options for caching individual files and directory trees on the local disk.  

SecureBlackbox 14: maintenance update available

May 1, 2016, 2:00 pm
$
0
0
New maintenance update to SecureBlackbox 14 contains improvements and updates in most packages.

Solid File System 5.2 released

May 15, 2016, 2:00 pm
$
0
0
Solid File System 5.2 has been released, with reworked .NET API and support for RAD Studio 10.1 Berlin.

New build of CallbackFilter available

May 24, 2016, 2:00 pm
$
0
0
New build of CallbackFilter 4.1 is available for download.
Viewing all 41 articles
Browse latest View live
Search