Translations for our friends around the world.

Author Topic: CodeMeter Runtime 7.10a released  (Read 36 times)

0 Members and 1 Guest are viewing this topic.

Offline Rinix

  • HAVOC
  • *
  • Posts: 2043
  • Steel Beasts
CodeMeter Runtime 7.10a released
« on: September 16, 2020, 04:08:52 PM »
CodeMeter 7.10a
Release Date: 2020-Sep-16
Operating Systems Windows, Linux, Mac OS X
Download Windows (47.15MB): Click Here

Info

Notice of published security vulnerabilities
For CodeMeter several security vulnerabilities have been reported to us by a security service provider, which have been published on September 8th, 2020. Some of the vulnerabilities have been fixed in already released versions of CodeMeter. Further improvements are included in this version. A detailed overview of the vulnerabilities is available at https://www.wibu.com/support/security-advisories.html. Due to the classification of the vulnerabilities Wibu-Systems strongly recommends an update to this version. Due to the backwards compatibility this is usually possible without problems, but should be discussed with the manufacturer of the software licensed with CodeMeter.

Introduction of a new version of the WebSocket API with Origin Check
The WebSocket API has been enhanced with an Origin Check. Each call must be accompanied by a certificate issued by Wibu-Systems, which confirms for the called website that the requested WebSocket API calls are allowed for the Firm Code contained in the certificate. The WebSocket API with Origin Verification replaces the previous versions of the WebSocket API without Origin Verification. The previous protocol variants without Origin Verification are disabled by default (CVE-2020-14519). The WebSocket API without Origin Verification can be enabled by setting the profiling entry 'CmWebSocketAllowWithoutOriginCheck'='1'. Such activation is not recommended. The new WebSocket API with Origin Check ignores the previously possible deactivation by setting the profiling entry 'CmWebSocketApi'='0'. This means that it is always active, even if the WebSocket API without Origin Verification was previously disabled using this switch for security reasons.


Bugfixes:
FB64290: CodeMeter License Server: In the network protocol it is internally noted whether the connection is local or remote. CodeMeter.exe now checks the content of the package and therefore does not accept remote connections as local connections any more

FB71272: CodeMeter License Server: Due to a lack of parameter check it was possible to bring the CodeMeter License Server to a standstill (Denial of Service (DoS)) using specially generated TCP/IP packets. (CVE-2020-14509).

FB71354: CodeMeter License Server: A missing check of the received data volume caused a heap overflow, which could lead to a Denial of Service (DoS) or possibly remote code execution (CVE-2020-14509).

FB71172: CodeMeter License Server: During license borrowing the licenses of contained module items were not correctly assigned at the sender.

FB71174: CodeMeter License Server: License Tracking: Module items with an inherited number of licenses were not correctly considered in license tracking. The license of a module item indirectly borrowed due to inheritance is now also listed as borrowed.

FB71542: CodeMeter License Server: WibuCmNET.dll: A .NET application built or encrypted against version 7.0 could not be started with newer versions of CodeMeter. A corresponding policy was missing.
I ride inside Steel Beasts.

 

CodeMeter FAQ

Started by AsidBoard Support / F.A.Q.

Replies: 0
Views: 2253
Last post August 13, 2015, 10:06:36 AM
by Asid
Codemeter 6.30b update out

Started by RotarBoard Steel Beasts Pro

Replies: 3
Views: 2063
Last post August 23, 2016, 05:55:56 PM
by Asid
BiSim switching to CodeMeter for DRM?

Started by AsidBoard Virtual Battlespace (V.B.S.)

Replies: 0
Views: 1446
Last post February 06, 2017, 07:55:28 PM
by Asid
CodeMeter Runtime 5.21 released

Started by AsidBoard News / Announcements: SB Pro

Replies: 3
Views: 3200
Last post February 04, 2015, 01:56:38 AM
by Stardog765
CodeMeter Runtime 5.21B released

Started by AsidBoard News / Announcements: SB Pro

Replies: 1
Views: 3594
Last post July 09, 2015, 01:29:33 AM
by Asid