Translations for our friends around the world.

Author Topic: CodeMeter Runtime 7.10a released  (Read 1858 times)

0 Members and 1 Guest are viewing this topic.

Offline Rinix

  • HAVOC
  • *
  • Posts: 2968
  • Steel Beasts
CodeMeter Runtime 7.10a released
« on: September 16, 2020, 04:08:52 PM »
CodeMeter 7.10a
Release Date: 2020-Sep-16
Operating Systems Windows, Linux, Mac OS X
Download Windows (47.15MB): Click Here

Info

Notice of published security vulnerabilities
For CodeMeter several security vulnerabilities have been reported to us by a security service provider, which have been published on September 8th, 2020. Some of the vulnerabilities have been fixed in already released versions of CodeMeter. Further improvements are included in this version. A detailed overview of the vulnerabilities is available at https://www.wibu.com/support/security-advisories.html. Due to the classification of the vulnerabilities Wibu-Systems strongly recommends an update to this version. Due to the backwards compatibility this is usually possible without problems, but should be discussed with the manufacturer of the software licensed with CodeMeter.

Introduction of a new version of the WebSocket API with Origin Check
The WebSocket API has been enhanced with an Origin Check. Each call must be accompanied by a certificate issued by Wibu-Systems, which confirms for the called website that the requested WebSocket API calls are allowed for the Firm Code contained in the certificate. The WebSocket API with Origin Verification replaces the previous versions of the WebSocket API without Origin Verification. The previous protocol variants without Origin Verification are disabled by default (CVE-2020-14519). The WebSocket API without Origin Verification can be enabled by setting the profiling entry 'CmWebSocketAllowWithoutOriginCheck'='1'. Such activation is not recommended. The new WebSocket API with Origin Check ignores the previously possible deactivation by setting the profiling entry 'CmWebSocketApi'='0'. This means that it is always active, even if the WebSocket API without Origin Verification was previously disabled using this switch for security reasons.


Bugfixes:
FB64290: CodeMeter License Server: In the network protocol it is internally noted whether the connection is local or remote. CodeMeter.exe now checks the content of the package and therefore does not accept remote connections as local connections any more

FB71272: CodeMeter License Server: Due to a lack of parameter check it was possible to bring the CodeMeter License Server to a standstill (Denial of Service (DoS)) using specially generated TCP/IP packets. (CVE-2020-14509).

FB71354: CodeMeter License Server: A missing check of the received data volume caused a heap overflow, which could lead to a Denial of Service (DoS) or possibly remote code execution (CVE-2020-14509).

FB71172: CodeMeter License Server: During license borrowing the licenses of contained module items were not correctly assigned at the sender.

FB71174: CodeMeter License Server: License Tracking: Module items with an inherited number of licenses were not correctly considered in license tracking. The license of a module item indirectly borrowed due to inheritance is now also listed as borrowed.

FB71542: CodeMeter License Server: WibuCmNET.dll: A .NET application built or encrypted against version 7.0 could not be started with newer versions of CodeMeter. A corresponding policy was missing.
funny
0
informative
0
Thanks
0
No reactions
No reactions
No reactions
I ride inside Steel Beasts.

Tags:
     

    SB Pro PE 4.268 Released

    Started by Rinix

    Replies: 0
    Views: 2069
    Last post November 19, 2021, 02:38:03 AM
    by Rinix
    SB Pro PE 4.163 Released

    Started by Rinix

    Replies: 2
    Views: 3122
    Last post March 13, 2020, 03:37:03 PM
    by Rinix
    SB Pro PE 4.160 Released

    Started by Rinix

    Replies: 3
    Views: 3981
    Last post September 08, 2019, 02:13:45 AM
    by Rinix
    Steel Beasts Pro 4.006 Released

    Started by wilso845

    Replies: 0
    Views: 3132
    Last post October 09, 2016, 03:36:43 PM
    by wilso845
    SB Pro PE v4.162 released

    Started by Asid

    Replies: 1
    Views: 1957
    Last post December 21, 2019, 03:20:06 AM
    by Rinix