
RedHat Cluster Suite RHSA-2007:0983 Moderate: Conga DoS Risk Fix

November 22, 2007
New patch addresses vulnerabilities and defects in Conga for Red Hat Cluster Suite, improving overall performance and reliability.
Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate sec...

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

227723 - Entering bad password when creating a new cluster = UnboundLocalError: local variable 'e' referenced before assignment
238656 - conga does not set the "nodename" attribute for manual fencing
238727 - Conga provides no way to remove a dead node from a cluster
241414 - Installation using Conga shows "error" in message during reboot cycle.
245200 - Conga needs to support Internet Explorer 6.0 and later
253901 - No node IDs generated on new RHEL4 / DLM cluster
253905 - Quorum disk page: Minimum score does not need to be required
253906 - Quorum disk page: Error when trying to continue w/o a heuristic
286951 - conga passes fence_scsi nodename, where as it accepts only node
325501 - conga doesn't handle the cluster restart operation properly
336101 - CVE-2007-4136 ricci is vulnerable to a connect DoS attack
340101 - Storage redirection after probe does not work on WinXP with FF2

6. RPMs required:

Red Hat Cluster Suite 4AS:

SRPMS:
b992c3a5173d7712bbfc342dc8b28414 conga-0.11.0-3.src.rpm

i386:
f54f296e498593ff0f0bb26333083217 conga-debuginfo-0.11.0-3.i386.rpm
aba9489bb5e5b33891f42afa30c1f6b8 luci-0.11.0-3.i386.rpm
2c414b9df48969dbe46423fa68f43599 ricci-0.11.0-3.i386.rpm

ia64:
b4124d5f5825535d25c6649c16344efb conga-debuginfo-0.11.0-3.ia64.rpm
d7fe494639979615ac1927f3421294bf luci-0.11.0-3.ia64.rpm
5eb8e073a575c78729217ea6f9a2d939 ricci-0.11.0-3.ia64.rpm

x86_64:
a7288c6eb4e9667f495bbe2be78f2372 conga-debuginfo-0.11.0-3.x86_64.rpm
2c657c9aaffd6b546d943d6b6a093260 luci-0.11.0-3.x86_64.rpm
21492794c454d2903645c4a808131dce ricci-0.11.0-3.x86_64.rpm

Red Hat Cluster Suite 4ES:

SRPMS:
b992c3a5173d7712bbfc342dc8b28414 conga-0.11.0-3.src.rpm

i386:
f54f296e498593ff0f0bb26333083217 conga-debuginfo-0.11.0-3.i386.rpm
aba9489bb5e5b33891f42afa30c1f6b8 luci-0.11.0-3.i386.rpm
2c414b9df48969dbe46423fa68f43599 ricci-0.11.0-3.i386.rpm

ia64:
b4124d5f5825535d25c6649c16344efb conga-debuginfo-0.11.0-3.ia64.rpm
d7fe494639979615ac1927f3421294bf luci-0.11.0-3.ia64.rpm
5eb8e073a575c78729217ea6f9a2d939 ricci-0.11.0-3.ia64.rpm

x86_64:
a7288c6eb4e9667f495bbe2be78f2372 conga-debuginfo-0.11.0-3.x86_64.rpm
2c657c9aaffd6b546d943d6b6a093260 luci-0.11.0-3.x86_64.rpm
21492794c454d2903645c4a808131dce ricci-0.11.0-3.x86_64.rpm

Red Hat Cluster Suite 4WS:

SRPMS:
b992c3a5173d7712bbfc342dc8b28414 conga-0.11.0-3.src.rpm

i386:
f54f296e498593ff0f0bb26333083217 conga-debuginfo-0.11.0-3.i386.rpm
aba9489bb5e5b33891f42afa30c1f6b8 luci-0.11.0-3.i386.rpm
2c414b9df48969dbe46423fa68f43599 ricci-0.11.0-3.i386.rpm

ia64:
b4124d5f5825535d25c6649c16344efb conga-debuginfo-0.11.0-3.ia64.rpm
d7fe494639979615ac1927f3421294bf luci-0.11.0-3.ia64.rpm
5eb8e073a575c78729217ea6f9a2d939 ricci-0.11.0-3.ia64.rpm

x86_64:
a7288c6eb4e9667f495bbe2be78f2372 conga-debuginfo-0.11.0-3.x86_64.rpm
2c657c9aaffd6b546d943d6b6a093260 luci-0.11.0-3.x86_64.rpm
21492794c454d2903645c4a808131dce ricci-0.11.0-3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

References

https://www.cve.org/CVERecord?id=CVE-2007-4136
https://access.redhat.com/security/updates/classification#moderate

Advisory ID: RHSA-2007:0983-01
Issue date: 2007-11-21
Updated on: 2007-11-21
Product: Red Hat Cluster Suite

Relevant Releases Architectures

Red Hat Cluster Suite 4AS - i386, ia64, x86_64

Red Hat Cluster Suite 4ES - i386, ia64, x86_64

Red Hat Cluster Suite 4WS - i386, ia64, x86_64
