EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Security Related Bugfixes

#33322
Posted: 05/19/2015 09:46:17
by ITSG (Standard support level)
Joined: 06/27/2013
Posts: 34

Hi there,

We are using SBB version 12.0.263 and thinking about upgrading to 12.0.269.
I need to write a report to get permission to use the new version.
It would be important to know whether there are any security-related bugfixes/changes in this version which might close security issues.
From the available changelist, I cannot judge 100% whether the solved problem was "just a bug" or a security hole.
For example:
- [All] (Base) Fixed an issue in SHA512 where incorrect digests were produced for inputs longer than 512Mbs
- [All] (Base) Unicode normalization has been fixed. The issue could cause unpredictable side effects when working with X.509 certificates.
- [All] (Base) DIGEST-MD5 authentication fixed for MD5-sess algorithm.

It would be very helpful if someone could give me some info on any security-related issues that have been fixed with this new version.

Thanks
Martin
#33324
Posted: 05/19/2015 10:07:52
by Eugene Mayevski (EldoS Corp.)

All the mentioned issues are pure bug-fixes. If there's a security-related update, we mark it as such because it means that old versions can become vulnerable.

In fact, all such updates were not our flaws but either protocol flaws (like recent changes in TLS which took place in Autumn) or compatibility fixes required by flaws in other software (changes in TLS that took place in April).

I should note that between builds 263 and 269 there were changes (related to TLS) which fall under one or both of the above definitions. So you should upgrade if you use TLS.


Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
