Quantcast
Channel: EldoS News
Mark channel Not-Safe-For-Work? cancel confirm NSFW Votes: (0 votes)
Are you the publisher? Claim or contact us about this channel.
0
  • Page 1
  • 2
  • 3
Previous Article Next Article

BizCrypto 14 has been updated

0
0
BizCrypto has been updated to version 14.0.287, which updates the backend security library.

Callback File System 6.0 updated

0
0
Callback File System version 6.0.173 with various fixes is available.

CallbackProcess updated

0
0
CallbackProcess version 1.0.6 is available for download and use.

CallbackFilter 4.1 is available

0
0
Minor update of CallbackFilter 4 is available for download.

SecureBlackbox 14: maintenance update available

0
0
New maintenance update to SecureBlackbox 14 contains improvements in various packages.

SecureBlackbox: for those affected by February 29 issue

0
0

We apologise to all our customers affected by the February 29 issue in SecureBlackbox TElHTTPSClient component. We have localised the problem and are now directing all our efforts to have the fix ready as quickly as possible.

For now we can confirm that the problem affects VCL, NG, C++ and PHP editions. .NET and Java editions are clear of the issue.

We are sorry for the inconveniences the issue might have caused.

UPDATE 1 (09:51)

Those our customers who compile SecureBlackbox from source code can apply the following patch to SBUtils.pas unit to get rid of the issue:

1. Open your SBUtils.pas unit.

2. Find the implementation of DateTimeAddYears() function.

3. Replace the implementation (the whole function including the headers, begin and end) with the following piece of code:

----- PATCH BLOCK START -----
function DateTimeIsLeapYear(Year: Integer): Boolean;
begin
  Result := (Year mod 4 = 0) and ((Year mod 100  0) or (Year mod 400 = 0));
end;

function DateTimeAddYears(DateTime: TElDateTime; Years: Integer): TElDateTime;
var
  Year, Month, Day: Word;
begin
  DecodeDate(DateTime, Year, Month, Day);
  Inc(Year, Years);
  if (Month = 2) and (Day = 29) and not DateTimeIsLeapYear(Year) then
    Day := 28;
  Result := EncodeDate(Year, Month, Day) + Frac(DateTime);
end;
----- PATCH BLOCK END -----

Please apply the patch and recompile your project to get use of the fix.


UPDATE 2 (10:25)

Some details of the issue:

The issue is caused by mishandling of leap years in internal SecureBlackbox date handling routine. Unfortunately, the architectural specifics of the library results in the error affecting a higher level TElHTTPSClient component, making it crash in its constructor. So, essentially, the problem leads to broken HTTPS connectivity and it seems to be the only (quite major though) consequence by far. February 29 is the only date affected, with TElHTTPSClient's behaviour getting back to normal on the 1st of March (in no way this is an excuse).

The issue doesn't appear to be exploitable and doesn't involve any straightforward data loss or disclosure. It's only the connectivity side that is affected.

We would like to thank our customers for your patience. Official hot fix updates are being prepared at the moment, and we hope to make them available soon. We are really sorry about the problems this issue might have caused you.

A word about SecureBlackbox "leap year" issue

0
0
The details, comments and plans about yesterday's issue with the leap year in SecureBlackbox.

New build of CallbackFilter available

0
0
New build of CallbackFilter 4.1 is available for download.

Callback File System 6.1 beta is available

0
0
The public beta version of Callback File System 6.1 is available for testing.

SecureBlackbox 14: maintenance update available

0
0
New maintenance update to SecureBlackbox 14 contains improvements and updates in PDF package.

BizCrypto 14 has been updated

0
0
BizCrypto has been updated to version 14.0.290, which updates the backend security library.

Callback File System 6.1 pre-release is available

0
0
The pre-release version of Callback File System 6.1 is available for download and use.

Regarding security alerts for EldoS products

0
0
If you want to be notified about security-related news, related to our products, and not about other news, we have created a dedicated information channel.

New build of CallbackFilter available

0
0
New build of CallbackFilter 4.1 is available for download.

SecureBlackbox 15 beta 1 is available

0
0
Beta version of SecureBlackbox 15 is available for download and testing.

SFTP Net Drive updated

0
0
New build of SFTP Net Drive application for mounting a remote SFTP server as a local disk is available for download and use.

Callback File System 6.1 released

0
0
Released Callback File System version 6.1 features options for caching individual files and directory trees on the local disk.  

SecureBlackbox 14: maintenance update available

0
0
New maintenance update to SecureBlackbox 14 contains improvements and updates in most packages.

Solid File System 5.2 released

0
0
Solid File System 5.2 has been released, with reworked .NET API and support for RAD Studio 10.1 Berlin.

New build of CallbackFilter available

0
0
New build of CallbackFilter 4.1 is available for download.
  • Page 1
  • 2
  • 3