
Revenera Company News — cvirata (Flexera Software)
(Latest Update 2023-Nov-17 17:47 CDT)
The cURL 8.4.0 patch has been released and we're continuing to assess Revenera product impact and if any remediation work is required.
If you need to patch cURL on your own servers or environment, the patch files are available at https://curl.se/download.html.
Revenera Product AssessmentProductcURL present in ProductPresent in Product Version or ComponentMitigation / Fixed VersionNotesInstallationInstallAnywhereNoNoneNA InstallShieldYes2023 R12023 R2Updated impacted sub-module in latest release.Download remediated versions from Product and License Center Software Composition AnalysisCode InsightNoNoneNA SBOM InsightsNoNoneNA Software MonetizationCloud Licensing (CLS)NoNoneNA Compliance Intelligence (RCI)NoNoneNA FlexNet Embedded - License Server Manager (FLSM)NoNoneNA FlexNet Embedded - Local License Server (LLS)NoNoneNA FlexNet Embedded SDKYes
C-XT: All versions
Non C-XT: Versions prior 2023.09
C-XT: FlexNet Embedded 2023.09.1
Non C-XT: FlexNet Embedded 2023.09
Download remediated versions from Product and License Center FlexNet Operations - ALMNoNoneNA FlexNet Operations - LLMNoNoneNA FlexNet Operations On-PremiseNoNoneNA FlexNet PublisherNoNoneNA Usage Intelligence (RUI)NoNoneNA
The information on this page reflects:
- The assessed status of all versions of Revenera’s products that are still supported (that is, they have not yet reached their End of Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/default.htm.
- GitHub Announcement of cURL Vulnerabilities
- https://curl.se/docs/CVE-2023-38545.html
- https://curl.se/docs/CVE-2023-38546.html
- 2023-12-7 13:11 CDT: Published final product assessment.
- 2023-10-10 13:03 CDT: Initial advisory posted.
- 2023-10-11 18:07 CDT: Update regarding cURL 8.4.0 patch and ongoing product assessment.
- 2023-10-12 11:13 CDT: Published initial product assessment.
- 2023-10-18 13:38 CDT: Updated assessment for FlexNet Embedded LLS and Usage Intelligence products to not affected.
- 2023-10-26 09:55 CDT: Updated assessment for FlexNet Operations Cloud ALM to not affected.
- 2023-11-17 17:47 CDT: Updated product assessment for FlexNet Embedded.
Initial Advisory (posted on Oct 10, 2023 11:03 AM)
We are aware of the recent cURL security vulnerabilities (CVE-2023-38545 and CVE-2023-38546) and are assessing which of our products may be impacted.
Once specific details regarding the impacted versions of cURL are released on October 11th, we will reconcile that with our analysis and provide further updates on any necessary remediation work. Please subscribe to this page to be notified of subsequent updates.
Thank you for your patience.
A few things to keep in mind:
Does FlexNet Publisher (FNP Client and Server) use cURL?
@clementlee - Our product teams are actively assessing potential exposure to the cURL vulnerabilities and are preparing an update for those that have completed their assessment so far.
For now, I've confirmed with the FlexNet Publisher team that FlexNet Publisher does not package or use cURL in either the client or server.