Security Enhancements; Issues Resolved - Novell ZENWORKS PATCH MANAGEMENT 6.3 - RELEASE NOTES Release Note

Security Enhancements

•
A Logout link is added to the header of the management console allowing users to logout of the
system. Users are redirected to a page explaining they are logged out of the system and their
security credentials are removed from both the server and client side caches once this link is
clicked. Note: Clearing client-side credentials is only available in Internet Explorer.
•
A Change Password wizard is added enabling a user to change the password associated with the
account they use to login to the ZENworks Patch Management Server .
•
The ZENworks Patch Management Server authenticates with the subscription network using
PatchLink's modified Diffie-Hellman key negotiation mechanism.
•
Data sent between the ZENworks Patch Management Server and the subscription network will
be encrypted using PatchLink's modified AES encryption mechanism using RSA libraries.
•
Administrators can enable SSL for all communication between the ZENworks Patch
Management Server and the subscription network.
•
Administrators can enable bandwidth throttling, and when enabled, set the maximum amount of
bandwidth (in kilobytes per second) used to communicate with the subscription network.
•
Administrators can specify a proxy server for the ZENworks Patch Management Server to use
when communicating with the subscription network. Administrators can provide user name and
password credentials for the ZENworks Patch Management Server to use in the event that the
proxy server requires authentication.
•
The ZENworks Patch Management Server determines the number of days remaining before the
user's account is set to expire once a user logs into the management console (assuming
password expiration is enabled within Microsoft Windows). The user is warned about the
upcoming password expiration via bold, red text displayed in the header of the management
console once per login.
•
Database output is encoded to protect the ZENworks Patch Management Server from cross-site
scripting.
•
Data input to the ZENworks Patch Management Server is validated and encoded ensuring no
executable code is stored and displayed to the user via the management console.
•
All user-specified controls validate the data being entered is applicable The interfaces used by
the agent to upload DAU results and Inventory data encode all uploaded data.
•
Users must login to the site again if their session times out.

Issues Resolved

The ZENworks Patch Management 6.3 release resolved the following issues:
•
Novell Mandatory Baseline may not notify users of deployments
•
Computer inventory by Type equals Operating System might have failed to return data
•
When trying to modify the Computers page default view, users might have received a Page
Cannot Be Displayed error
ZENworks Patch Management Server 6.3 - Release Notes
- 11 -