RHBA-2010:0289 - Bug Fix Advisory

Topic

Updated Conga packages that fix numerous bugs (including a regression
introduced between Red Hat Enterprise Linux 5.3 and Red Hat Enterprise
Linux 5.4) and add the ability to reset user passwords when logged in to
luci as an administrator are now available.

Description

The Conga project is a management system for remote workstations. It
consists of luci, which is a secure web-based front-end, and ricci, which
is a secure daemon that dispatches incoming messages to underlying
management modules.

This update applies the following bug fixes:

• The behavior of the virsh command changed between Red Hat Enterprise

Linux 5.3 and Red Hat Enterprise Linux 5.4. In Red Hat Enterprise Linux
5.4, non-root users must add a "--read-only" flag to virsh commands. The
ricci component runs the "virsh nodeinfo" command to determine whether a
node can host a Virtual Machine service and it does so as a non-root user.
As a consequence, when run under Red Hat Enterprise Linux 5.4, the "virsh
nodeinfo" command returned no information and luci did not provide an "Add
a virtual machine service" option to Services in the Cluster tab for
clusters that were expected to offer such services. With this update, ricci
now runs a "virsh nodeinfo --readonly" command in line with the changed
behavior, and luci provides options to add Virtual Machine services as
expected. (BZ#519252)

• luci failed to start. (BZ#469881)
• Conga doesn't run with SELinux. (BZ#476698)
• Conga does not add the name of the managed system when adding an "LPAR

Fencing" fence device to a node. (BZ#508142)

• fs resource will remount itself if any configuration changes are made to

cluster.conf. (BZ#514051)

• luci does not validate passwords and incorrect characters can be used.

(BZ#519050)

• previously, the shebang lines in luci's python executables pointed to

"/usr/bin/env python" rather than explicitly referencing the version of
Python installed on the system. This broke those executables in the case
where a user was installing an alternative Python version. With this
update, all shebang lines point explicitly to the system version at
/usr/bin/python. (BZ#521884)

• Conga does not properly handle HA LVM types. (BZ#530129)

This update adds the following enhancement:

• the ability to reset user passwords when logged in to luci as an

administrator was added. (BZ#519268)

All Conga users are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux High Availability for x86_64 5 x86_64
• Red Hat Enterprise Linux High Availability for x86_64 5 ppc
• Red Hat Enterprise Linux High Availability for x86_64 5 ia64
• Red Hat Enterprise Linux High Availability for x86_64 5 i386
• Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 5 x86_64
• Red Hat Enterprise Linux High Availability (for RHEL Server) from RHUI 5 i386

Fixes

• BZ - 469881 - luci failed to start
• BZ - 476698 - conga doesn't run with selinux
• BZ - 514051 - fs resource will remount itself if any config changes are made to cluster.conf
• BZ - 519050 - Luci does not validate passwords and incorrect characters can be used
• BZ - 519252 - Conga does not show the option to add a virtual machine service
• BZ - 521884 - Fix instances of #!/usr/bin/env python in luci
• BZ - 530129 - conga does not properly handle HA LVM types

CVEs

(none)

References

(none)