![]() ![]() Limit key usage of server certificates when creating X.509 certificates.All cumulative updates bellow are included.Since this is an OS-side problem that is difficult to fix, we have rewritten the user mode program to use only the normal Mutex Lock instead of the RW Lock to work around this problem. This problem was an OS-side defect and only occurred on at least Ubuntu 20.04 or later Linux distributions and the 圆4 version. This problem was caused by a glitch on the OS side. However, there is a bug in the RW Lock of pthreads included in recent Linux distributions that, when handling thousands of sessions on a single server, would cause all CPUs to suddenly enter a spinlock interactive wait state, consuming an extremely long amount of CPU time, making VPN communication sessions difficult to communicate with, and causing VPN sessions to disconnect due to timeouts. The lock acquisition function called RW Lock (reader/writer lock) used inside the OpenSSL library used by this program calls the lock function provided by the OS (libc, pthread, kernel), but it is not supported in recent Linux distributions.This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future. When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. Heap area protection of memory has been enhanced.DoS attack prevention function is implemented in SoftEther VPN Server.Removed display of IP address from response error messages in VPN Server's behavior as an HTTPS Web server.Resolved a problem that caused rare crashes due to insufficient multithread locking for a data structure called the IP address table inside the VPN Server's virtual HUB. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |