- Issued:
- 2007-05-18
- Updated:
- 2007-05-18
RHBA-2007:0331 - Bug Fix Advisory
Synopsis
conga bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated conga packages that provide critical bug fixes are now available.
Description
The Conga package is a web-based administration tool for remote cluster and
storage management.
This erratum applies the following bug fixes:
- The borrowed Zope packages used by Conga have been patched to eliminate
a possibility of XSS attack. - Passwords are no longer sent back from the server in cleartext for use as
input values. - A form error was fixed so that Conga no longer allows for cluster
names of over 15 characters. - An error wherein clusters and systems could not be deleted from the
manage systems interface has been addressed. - Entering an incorrect password for a system no longer generates an
Unbound Local Reference exception. - Luci failover domain forms are no longer empty
- The fence_xvm string in cluster.conf for virtual cluster fencing has been
corrected. - The advanced options parameters section has been fixed.
- A bug where virtual services were unable for configuration has been
addressed. - kmod-gfs-xen is now installed when necessary.
- The 'enable shared storage support' checkbox is now cleared when a
configuration error is encountered. - When configuring an outer physical cluster, it is no longer necessary to
add the fence_xvmd tag manually.
Users of Conga are advised to upgrade to these updated packages, which
apply these fixes.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux High Availability (for RHEL Server) 5 x86_64
- Red Hat Enterprise Linux High Availability (for RHEL Server) 5 ia64
- Red Hat Enterprise Linux High Availability (for RHEL Server) 5 i386
- Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 5 x86_64
- Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 5 i386
Fixes
- BZ - 228637 - CVE-2007-1462 security alert - passwords sent back from server as input value
- BZ - 233326 - CVE-2007-0240 Conga includes version of Zope that is vulnerable to a XSS attack
- BZ - 236020 - Conga allows creation/rename of clusters with name greater than 15 characters
- BZ - 236021 - Cluster cannot be deleted (from 'Manage Systems') - but no error results
- BZ - 236025 - Entering bad password when creating a new cluster = UnboundLocalError: local variable 'e' referenced before assignment
- BZ - 236026 - luci failover domain forms are missing/empty
- BZ - 236027 - fence_xvm is incorrectly listed as "xmv" in virtual cluster
- BZ - 236048 - Advanced options parameters settings don't do anything
- BZ - 236050 - Unable to configure a virtual service
- BZ - 236052 - kmod-gfs-xen not installed with Conga install
- BZ - 236054 - 'enable shared storage' option cleared whenever there is a configuration error
- BZ - 236055 - Must manually edit cluster.conf on the dom0 cluster to add "<fence_xvmd/>"
CVEs
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux High Availability (for RHEL Server) 5
| SRPM | |
|---|---|
| conga-0.9.2-6.el5.src.rpm | SHA-256: 8cba8ec0d35f10edc6ab9cbd3bb69ebf9f015672a686873e808eb7003deb3846 |
| x86_64 | |
| luci-0.9.2-6.el5.x86_64.rpm | SHA-256: 82768a48bba9dbebdb26b8a0af824cdb7310530e5fb7e69cc522ddfb80d5203a |
| ricci-0.9.2-6.el5.x86_64.rpm | SHA-256: 27db14820b0ca5c4f41c8d97c9379c6d8035711f259fc51b5401bb4a933fe29e |
| ia64 | |
| luci-0.9.2-6.el5.ia64.rpm | SHA-256: 5beea531a67a765143fd2064d2fa81c54212fd05e29927206138e204ea437101 |
| ricci-0.9.2-6.el5.ia64.rpm | SHA-256: 3f8da21f026babc0ef7c37d0242a7f41c693ef2a6e0114be2c795ae523205b27 |
| i386 | |
| luci-0.9.2-6.el5.i386.rpm | SHA-256: a905a9416fc8c07ef61f9d0781d13dc5afeafa0b50ec094a06f16a269192a76b |
| ricci-0.9.2-6.el5.i386.rpm | SHA-256: e0f932a42c2a54389e6f31a8f8c4eb613f21e1205bcc024518fc672ef3a4af13 |
Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 5
| SRPM | |
|---|---|
| conga-0.9.2-6.el5.src.rpm | SHA-256: 8cba8ec0d35f10edc6ab9cbd3bb69ebf9f015672a686873e808eb7003deb3846 |
| x86_64 | |
| luci-0.9.2-6.el5.x86_64.rpm | SHA-256: 82768a48bba9dbebdb26b8a0af824cdb7310530e5fb7e69cc522ddfb80d5203a |
| ricci-0.9.2-6.el5.x86_64.rpm | SHA-256: 27db14820b0ca5c4f41c8d97c9379c6d8035711f259fc51b5401bb4a933fe29e |
| i386 | |
| luci-0.9.2-6.el5.i386.rpm | SHA-256: a905a9416fc8c07ef61f9d0781d13dc5afeafa0b50ec094a06f16a269192a76b |
| ricci-0.9.2-6.el5.i386.rpm | SHA-256: e0f932a42c2a54389e6f31a8f8c4eb613f21e1205bcc024518fc672ef3a4af13 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.