Our Zone and agents are all running 23.4, with these patches:
ZCM_23.4.0_FTF_Server_95
ZCM_23.4.0_FTF_Agent_Defect_488018
ZCM_23.4.0_FTF_Agent_Defect_693002_726008
ZCM_23.4.0_FTF_Agent_Defect_710035
ZCM_23.4.0_FTF_Agent_Defect_717009
ZCM_23.4.0_FTF_Agent_Defect_721010a
ZCM_23.4.0_FTF_Agent_Defect_748009
The Linux managed devices all run the Tenable Nessus agent, this scans for vulnerabilitires. It has found the following (truncated for sanity purposes!):
"
Azul Zulu Java Multiple Vulnerabilities (2024-04-16) Azul Zulu OpenJDK is affected by multiple vulnerabilities. "The version of Azul Zulu installed on the remote host is prior to 6 < 6.63.0.14 / 7 < 7.69.0.14 / 8 < 8.77.0.14 / 11 < 11.71.14 / 17 < 17.49.16 / 21 < 21.33.14 / 22 < 22.30.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-04-16 advisory.
CVE-2023-41993
CVE-2024-21002
CVE-2024-21004
CVE-2024-21003
CVE-2024-21005
CVE-2024-21011
CVE-2024-21012
CVE-2024-21068
CVE-2024-21085
CVE-2024-21094
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number." Apply the appropriate patch according to the April 2024 Azul Zulu OpenJDK Patch Update advisory. docs.azul.com/.../release-notes "
Path : /opt/novell/zenworks/share/zmd/
Installed version : 8.72.0.17 (CA)
Fixed version : Upgrade to a version 8.78.0.19 (CA) and above
"
Checking this file version:
# /opt/novell/zenworks/share/zmd/java/bin/java -version
openjdk version "1.8.0_382"
OpenJDK Runtime Environment (Zulu 8.72.0.17-CA-linux64) (build 1.8.0_382-b05)
OpenJDK 64-Bit Server VM (Zulu 8.72.0.17-CA-linux64) (build 25.382-b05, mixed mode)
# rpm -qf /opt/novell/zenworks/share/zmd/java/bin/java
novell-zenworks-jre-1.8.0_382-1.x86_64
Is there a fix for this vulnerability?
I see ZCM 24.2 has been released, does this include a later (fixed) version?
Thanks!