See: https://nvd.nist.gov/vuln/detail/CVE-2016-10395
We need to update the Safe License server which you currently only provide up to version 11.13.
Question
Flexsera license service has an exploit. Update is availble but no safe version yet on download page
This post is closed to further activity.
It may be an old question, an answered question, an implemented idea, or a notification-only post.
Please check post dates before relying on any information in a question or answer.
For follow-up or related questions, please post a new question or idea.
If there is a genuine update to be made, please contact us and request that the post is reopened.
It may be an old question, an answered question, an implemented idea, or a notification-only post.
Please check post dates before relying on any information in a question or answer.
For follow-up or related questions, please post a new question or idea.
If there is a genuine update to be made, please contact us and request that the post is reopened.
+6Hi @hennyhoeven,
We are currently investigating this issue - we will be sure to update this thread with additional information once we have the fix in place. Our apologies for any inconvenience this may have caused, and thank you for bringing this to our attention.
-Annabelle
+20- Safer
- 3719 replies
We have now upgraded the FlexNet installers available on the downloads page of our website to version 11.15 for FME Desktop floating licenses. We recommend upgrading all FME floating license servers to guard against this vulnerability and also because future license files will not be compatible with previous versions of the FME floating license server. A new license file is not required and your existing safe.lic file should continue work. Also, note that this upgrade applies to FME Desktop Floating license servers and does not apply to current FME Server licensing.
Steps for Windows FME Desktop Floating License Server upgrades:
- Using the LMTOOLS application - Config Services panel, confirm the location of the safe.lic license file
- Stop the FME License Server service also using the LMTOOLS application
- Download the appropriate new Floating License Installer from the Safe Software downloads page
- Uninstall the existing "FlexNet for Safe Software" using Control Panel > Programs and Features
- Install the new downloaded Floating License Installer
- Use the application LMTOOLS - Config Services panel to ensure there is an "FME License Server" service and that the Path to License File field shows a valid path to the safe.lic license file*
- Start the FlexServer using LMTOOLS and save the service if any changes were made
Note that your system administrator may have configured automatic start-up of your floating license server after system restart and therefore you will need to either restart the system after these steps or restart the license server using the same command used in the start-up script.
- Download the appropriate package from the Safe Software downloads page.
- Locate your FlexServer directory. In the original documentation this directory was defined as /opt/FlexServer but it could be user-defined.
- Stop the floating license server with the command % ./lmutil lmdown -c <path_to_safe.lic>
- Backup and then replace the files in your <FlexServer> directory with the files in the downloaded package.
- Restart the floating license server using the same command used initially to start the license server. By default the command is % ./lmgrd -c ./safe.lic -l safe.log but your system administrator may have modified the path to the license file or to the floating license log to suit your own environment and may have placed this command in a start-up script.