Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
200
security advisorymoderatebug fixScientific Linux: SLSA-2014:1194-1 Moderate: Conga Security Issues
Moderate: conga security and bug fix update. Date: Mon, 13 Oct 2014 15:44:25 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Bonnie King Subject: Security ERRATA Moderate: conga on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: conga security and bug fix update Advisory ID: SLSA-2014:1194-1 Issue Date: 2014-09-16 CVE Numbers: CVE-2012-5500 CVE-2012-5499 CVE-2012-5498 CVE-2012-5497 CVE-2012-5485 CVE-2012-5486 CVE-2012-5488 CVE-2013-6496 CVE-2014-3521 -- It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface (control panel). A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user. (CVE-2012-5485) It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. A remote attacker could use a specially crafted URL that, when processed, would cause the injected HTTP headers to be returned as a part of the Plone HTTP response, potentially allowing the attacker to perform other more advanced attacks. (CVE-2012-5486) Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure. (CVE-2013-6496) It was discovered that various components in the luci site extension- related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding users and systems, and viewing log data. (CVE-2014-3521) It was discovered that Plone, included as a part of luci, did not properly protect theprivilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information. (CVE-2012-5488) It was discovered that Plone, included as a part of luci, did not properly enforce permissions checks on the membership database. A remote attacker could use a specially crafted URL that, when processed, could allow the attacker to enumerate user account names. (CVE-2012-5497) It was discovered that Plone, included as a part of luci, did not properly handle the processing of requests for certain collections. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive I/O and/or cache resource consumption. (CVE-2012-5498) It was discovered that Plone, included as a part of luci, did not properly handle the processing of very large values passed to an internal utility function. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive memory consumption. (CVE-2012-5499) It was discovered that Plone, included as a part of luci, allowed a remote anonymous user to change titles of content items due to improper permissions checks. (CVE-2012-5500) The CVE-2014-3521 issue was discovered by Radek Steiger of Red Hat, and the CVE-2013-6496 issue was discovered by Jan Pokorny of Red Hat. Users are directed to the Scientific Linux 5.11 Technical Notes, linked to in the References section, for information on the most significant of these changes After installing this update, the luci and ricci services will be restarted automatically. -- SL5 x86_64 conga-debuginfo-0.12.2-81.el5.x86_64.rpm luci-0.12.2-81.el5.x86_64.rpm ricci-0.12.2-81.el5.x86_64.rpm i386 conga-debuginfo-0.12.2-81.el5.i386.rpm luci-0.12.2-81.el5.i386.rpm ricci-0.12.2-81.el5.i386.rpm - Scientific Linux Development Team . Conga security enhancement addressing moderate severityvulnerabilities impacting Scientific Linux users, featuring essential bug resolutions and timely patches.. Scientific Linux, Conga Security, Remote Attack, Bug Fix, Information Leak. . LinuxSecurity.com Team
Oct 13, 2014
Scientific Linux
200
security advisorybug fixauthentication issueScientific Linux: CVE-2012-3359 Low: Conga SL5.x i386/x86_64
Low: conga security, bug fix, and enhancement update. Date: Wed, 16 Jan 2013 16:10:18 -0600 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Low: conga on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: conga security, bug fix, and enhancement update Issue Date: 2013-01-08 CVE Numbers: CVE-2012-3359 -- It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials. (CVE-2012-3359) This update also fixes the following bugs: * Prior to this update, luci did not allow the fence_apc_snmp agent to be configured. As a consequence, users could not configure or view an existing configuration for fence_apc_snmp. This update adds a new screen that allows fence_apc_snmp to be configured. * Prior to this update, luci did not allow the SSL operation of the fence_ilo fence agent to be enabled or disabled. As a consequence, users could not configure or view an existing configuration for the 'ssl' attribute for fence_ilo. This update adds a checkbox to show whether the SSL operation is enabled and allows users to edit that attribute. * Prior to this update, luci did not allow the "identity_file" attribute of the fence_ilo_mp fence agent to be viewed or edited. As a consequence, users could not configure or view an existing configuration for the "identity_file" attribute of the fence_ilo_mp fence agent. This update adds a text input box to show the current state of the "identity_file" attribute of fence_ilo_mp and allows users to edit that attribute. * Prior to this update, redundant files and directories remained on the file system at /var/lib/luci/var/pts and /usr/lib{,64}/luci/zope/var/pts when the luci package was uninstalled. This update removes these files and directories when the luci package is uninstalled. *Prior to this update, the "restart-disable" recovery policy was not displayed in the recovery policy list from which users could select when they configure a recovery policy for a failover domain. As a consequence, the "restart-disable" recovery policy could not be set with the luci GUI. This update adds the "restart-disable" recovery option to the recovery policy pulldown list. * Prior to this update, line breaks that were not anticipated in the "yum list" output could cause package upgrade and/or installation to fail when creating clusters or adding nodes to existing clusters. As a consequence, creating clusters and adding cluster nodes to existing clusters could fail. This update modifies the ricci daemon to be able to correctly handle line breaks in the "yum list" output. In addition, this update adds the following enhancements: * This update adds support for configuring the Intel iPDU fence agent to the luci package. * This update adds support for viewing and changing the state of the new 'nfsrestart' attribute to the FS and Cluster FS resource agent configuration screens. After installing this update, the luci and ricci services will be restarted automatically. -- SL5 x86_64 conga-debuginfo-0.12.2-64.el5.x86_64.rpm luci-0.12.2-64.el5.x86_64.rpm ricci-0.12.2-64.el5.x86_64.rpm i386 conga-debuginfo-0.12.2-64.el5.i386.rpm luci-0.12.2-64.el5.i386.rpm ricci-0.12.2-64.el5.i386.rpm - Scientific Linux Development Team . Conga's recent security patch tackles minor vulnerabilities, particularly those tied to user authentication and specific configuration elements.. Conga Security, Bug Fix, Scientific Linux, Configuration Issue, Session Cookies. . Severity: Low. LinuxSecurity.com Team
Jan 16, 2013
•Low
Scientific Linux
98
security advisoryred hatbug fixRed Hat 5: RHSA-2013:0128-01 Low: Conga Session Attack Fix
Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: conga security, bug fix, and enhancement update Advisory ID: RHSA-2013:0128-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0128.html Issue date: 2013-01-08 CVE Names: CVE-2012-3359 ==================================================================== 1. Summary: Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64 3. Description: The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials. (CVE-2012-3359) Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for reporting this issue. This update also fixes the following bugs: * Prior to this update, luci did not allow the fence_apc_snmp agent to be configured. As a consequence, users could not configure or view an existing configuration forfence_apc_snmp. This update adds a new screen that allows fence_apc_snmp to be configured. (BZ#832181) * Prior to this update, luci did not allow the SSL operation of the fence_ilo fence agent to be enabled or disabled. As a consequence, userscould not configure or view an existing configuration for the 'ssl' attribute for fence_ilo. This update adds a checkbox to show whether the SSL operation is enabled and allows users to edit that attribute. (BZ#832183) * Prior to this update, luci did not allow the "identity_file" attribute of the fence_ilo_mp fence agent to be viewed or edited. As a consequence, users could not configure or view an existing configuration for the "identity_file" attribute of the fence_ilo_mp fence agent. This update adds a text input box to show the current state of the "identity_file" attribute of fence_ilo_mp and allows users to edit that attribute. (BZ#832185) * Prior to this update, redundant files and directories remained on the file system at /var/lib/luci/var/pts and /usr/lib{,64}/luci/zope/var/pts when the luci package was uninstalled. This update removes these files and directories when the luci package is uninstalled. (BZ#835649) * Prior to this update, the "restart-disable" recovery policy was not displayed in the recovery policy list from which users could select when they configure a recovery policy for a failover domain. As a consequence, the "restart-disable" recovery policy could not be set with the luci GUI. This update adds the "restart-disable" recovery option to the recovery policy pulldown list. (BZ#839732) * Prior to this update, line breaks that were not anticipated in the "yum list" output could cause package upgrade and/or installation to fail when creating clusters or adding nodes to existing clusters. As a consequence, creating clusters and adding cluster nodes to existing clusters could fail. This update modifies the ricci daemon to be able to correctly handle line breaks in the "yum list" output. (BZ#842865) In addition, this update adds the followingenhancements: * This update adds support for configuring the Intel iPDU fence agent to the luci package. (BZ#741986) * This update adds support for viewing and changing the state of the new 'nfsrestart' attribute to the FS and Cluster FS resource agent configuration screens. (BZ#822633) All users of conga are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. After installing this update, the luci and ricci services will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 607179 - CVE-2012-3359 conga: insecure handling of luci web interface sessions 832181 - fence_apc_snmp is missing from luci 832183 - Luci is missing configuration of ssl for fence_ilo 832185 - Luci cannot configure the "identity_file" attribute for fence_ilo_mp 835649 - luci uninstall will leave /var/lib/luci/var/pts and /usr/lib*/luci/zope/var/pts behind 839732 - Conga Add a Service Screen is Missing Option for Restart-Disable Recovery Policy 6. Package List: RHEL Clustering (v. 5 server): Source: i386: conga-debuginfo-0.12.2-64.el5.i386.rpm luci-0.12.2-64.el5.i386.rpm ricci-0.12.2-64.el5.i386.rpm ia64: conga-debuginfo-0.12.2-64.el5.ia64.rpm luci-0.12.2-64.el5.ia64.rpm ricci-0.12.2-64.el5.ia64.rpm ppc: conga-debuginfo-0.12.2-64.el5.ppc.rpm luci-0.12.2-64.el5.ppc.rpm ricci-0.12.2-64.el5.ppc.rpm x86_64: conga-debuginfo-0.12.2-64.el5.x86_64.rpm luci-0.12.2-64.el5.x86_64.rpm ricci-0.12.2-64.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2012-3359 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. . Latest conga updates deliver crucial improvements and fixes for Red Hat Enterprise Linux, targeting security vulnerabilities.. Conga Update, Linux Security Fixes, Red Hat Enhancements. . Severity: Low. LinuxSecurity.com Team
Jan 08, 2013
•Low
Red Hat
200
security advisoryprivilege escalationremote accessScientific Linux: Important Conga Update for Privilege Escalation Issue
Important: conga security update. Date: Thu, 31 Mar 2011 15:10:50 -0500 Reply-To: Jason Harrington Sender: Security Errata for Scientific Linux From: Jason Harrington Subject: Security ERRATA Important: conga on SL4.x i386/x86_64 Comments: To:
Mar 31, 2011
•Important
Scientific Linux
200
security advisoryprivilege escalationremote accessSciLinux: 2011-03-29 Important Conga Update on SL5 for Privilege Escalation
Important: conga security update. Date: Tue, 29 Mar 2011 17:25:12 -0500 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: Security ERRATA Important: conga on SL5.x i386/x86_64 Comments: To: scientific MIME-Version: 1.0 This ERRATA for SL 5.x i386/x86_64 is now available from: ------------------------------------------------------------------------- Synopsis: Important: conga security update Issue date: 2011-03-29 CVE Names: CVE-2011-0720 A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720) ---------------------------------------------------------------------------- SL 5.x SRPMS: conga-0.12.2-24.el5_6.1.src.rpm i386: luci-0.12.2-24.el5_6.1.i386.rpm ricci-0.12.2-24.el5_6.1.i386.rpm x86_64: luci-0.12.2-24.el5_6.1.x86_64.rpm ricci-0.12.2-24.el5_6.1.x86_64.rpm -Connie Sieh -Troy Dawson . Important advisory for Conga regarding a vulnerability in SL5.x that could lead to privilege escalation. Secure your system now!. Conga Security Update, Privilege Escalation Fix, SL5.x Advisory. . Severity: Important. LinuxSecurity.com Team
Mar 29, 2011
•Important
Scientific Linux
200
security advisorybug fixremote accessScientific Linux: Moderated Advisory for Conga Denial of Service Risk
Moderate: conga security, bug fix, and enhancement update. Date: Tue, 13 Nov 2007 16:51:14 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA for conga on SL5.x i386/x86_64 Comments: To:
Nov 13, 2007
Scientific Linux
98
security advisorydenial of serviceupdateRed Hat: RHSA-2007:0640-04 Moderate: Conga Denial Of Service
Updated conga packages that correct a security flaw and provide bug fixes and add enhancements are now available. A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: conga security, bug fix, and enhancement update Advisory ID: RHSA-2007:0640-04 Advisory URL: https://access.redhat.com/errata/RHSA-2007:0640.html Issue date: 2007-11-07 Updated on: 2007-11-07 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-4136 - ---------------------------------------------------------------------1. Summary: Updated conga packages that correct a security flaw and provide bug fixes and add enhancements are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Clustering (v. 5 server) - i386, ia64, x86_64 3. Problem description: The Conga package is a web-based administration tool for remote cluster and storage management. A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service (CVE-2007-4136). Fixes in this updated package include: * The nodename is now set for manual fencing. * The node log no longer displays in random order. * A bug that prevented a node from responding when a cluster was deleted is now fixed. * A PAM configuration that incorrectly called the deprecated module pam_stack was removed. * A bug that prevented some quorum disk configurations from being accepted is now fixed. * Setting multicast addresses nowworks properly. * rpm -V on luci no longer fails. * The user interface rendering time for storage interface is now faster. * An error message that incorrectly appeared when rebooting nodes during cluster creation was removed. * Cluster snaps configuration (an unsupported feature) has been removed altogether to prevent user confusion. * A user permission bug resulting from a luci code error is now fixed. * luci and ricci init script return codes are now LSB-compliant. * VG creation on cluster nodes now defaults to "clustered". * An SELinux AVC bug that prevented users from setting up shared storage on nodes is now fixed. * An access error that occurred when attempting to access a cluster node after its cluster was deleted is now fixed. * IP addresses can now be used to create clusters. * Attempting to configure a fence device no longer results in an AttributeError. * Attempting to create a new fence device to a valid cluster no longer results in a KeyError. * Several minor user interface validation errors have been fixed, such as enforcing cluster name length and fence port, etc. * A browser lock-up that could occur during storage configuration has been fixed. * Virtual service creation now works without error. * The fence_xvm tag is no longer misspelled in the cluster.conf file. * Luci failover forms are complete and working. * Rebooting a fresh cluster install no longer generates an error message. * A bug that prevented failed cluster services from being started is now fixed. * A bug that caused some cluster operations (e.g., node delete) to fail on clusters with mixed-cased cluster names is now fixed. * Global cluster resources can be reused when constructing cluster services. Enhancements in this updated package include: * Users can now access Conga through Internet Explorer 6. * Dead nodes can now be evicted from a cluster. * Shared storage on new clusters is now enabled by default. * The fence user-interface flow isnow simpler. * A port number is now shown in ricci error messages. * The kmod-gfs-xen kernel module is now installed when creating a cluster. * Cluster creation status is now shown visually. * User names are now sorted for display. * The fence_xvmd tag can now be added from the dom0 cluster nodes. * The ampersand character (&) can now be used in fence names. * All packaged files are now installed with proper owners and permissions. * New cluster node members are now properly initialized. * Storage operations can now be completed even if an LVM snapshot is present. * Users are now informed via dialog when nodes are rebooted as part of a cluster operation. * Failover domains are now properly listed for virtual services and traditional clustered services. * Luci can now create and distribute keys for fence_xvmd. All Conga users are advised to upgrade to this update, which applies these fixes and enhancements. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bug IDs fixed (http://bugzilla.redhat.com/): 212006 - create cluster does not show status as cluster is being created 212022 - cannot create cluster using ip addresses 213083 - luci - should display usernames in some logical/sorted order (usability) 218964 - luci - adding node to a cluster - confirm dialog displays cluster name in place of node name (minor) 221899 - Node log displayed in partially random order 222051 - Combining reauthentication/deletion options in one luci display can cause user confusion (usability - post RHEL5 GA) 223162 - Error trying to create a new fence device for a cluster node 224011 - SELinux AVC denied { read } for pid=2390 comm="mdadm" - accessing storage on a node 225164 - Conga allows creation/rename of clusters with name greater than 15characters 225206 - Cluster cannot be deleted (from 'Manage Systems') - but no error results 225588 - luci web app does not enforce selection of fence port 225747 - Create/delete cluster - then access disk on node = Generic error on host: cluster tools: cman_tool errored 225782 - Need more luci service information on startup - no info written to log about failed start cause 226700 - cman cluster needs restart when going from > =3 to 2 nodes and 2 to > = 3 nodes 227682 - saslauthd[2274]: Deprecated pam_stack module called from service "ricci" 227743 - Intermittent/recurring problem - when cluster is deleted, sometimes a node is not affected 227758 - Entering bad password when creating a new cluster = UnboundLocalError: local variable 'e' referenced before assignment 227852 - Lack of debugging information in logs - support issue 229027 - luci failover domain forms are missing/empty 230447 - fence_xvm is incorrectly listed as "xmv" in virtual cluster 230452 - Advanced options parameters settings don't do anything 230454 - Unable to configure a virtual service 230457 - kmod-gfs-xen not installed with Conga install 230461 - 'enable shared storage' option cleared whenever there is a configuration error 230469 - Must manually edit cluster.conf on the dom0 cluster to add " " 238655 - conga does not set the "nodename" attribute for manual fencing 238726 - Conga provides no way to remove a dead node from a cluster 239327 - Online User Manual needs modification 239388 - conga storage: default VG creation should be clustered if a cluster node 239389 - conga cluster: make 'enable shared storage' the default 240034 - rpm verify fails on luci 240361 - Conga storage UI front-end is too slow rendering storage 241415 - Installation using Conga shows "error" in message during reboot cycle. 241418 - Conga tries to configurage cluster snaps, though they are not available. 241706 - Eliminate confusion in add fence flow 241727 - can't set user permissions in luci 242668 - luci init script can returnnon-LSB-compliant return codes 243701 - ricci init script can exit with non-LSB-compliant return codes 244146 - Add port number to message when ricci is not started/firewalled on cluster nodes. 244878 - Successful login results in an infinite redirection loop with MSIE 245202 - Conga needs to support Internet Explorer 6.0 and later 248317 - luci sets incorrect permissions on /usr/lib64/luci and /var/lib/luci 249066 - AttributeError when attempting to configure a fence device 249086 - Unable to add a new fence device to cluster 249091 - RFE: tell user they are about to kill all their nodes 249291 - delete node task fails to do all items listed in the help document 249641 - conga is unable to do storage operations if there is an lvm snapshot present 249868 - Use of failover domain not correctly shown 250443 - storage name warning utility produces a storm of warnings which can lock your browser 250834 - ZeroDivisionError when attempting to click an empty lvm volume group 253914 - conga doesn't allow you to reuse nfs export and nfs client resources 253994 - Cannot specify multicast address for a cluster 254038 - Impossible to set many valid quorum disk configurations via conga 336101 - CVE-2007-4136 ricci is vulnerable to a connect DoS attack 6. RPMs required: RHEL Clustering (v. 5 server): SRPMS: 533839db60dd93f88e7ec00f0d4ae91d conga-0.10.0-6.el5.src.rpm i386: b2fd36bf216e77eae3b74a99dde1ea38 conga-debuginfo-0.10.0-6.el5.i386.rpm fec2e53d98cb40a8cd72172de6d1e5b7 luci-0.10.0-6.el5.i386.rpm 617d926686f0b74efae83cc0accd99cf ricci-0.10.0-6.el5.i386.rpm ia64: 633a4af70f0ed326d3b0cce2bc1990e1 conga-debuginfo-0.10.0-6.el5.ia64.rpm 1f57552ade9a783a026985ab82295709 luci-0.10.0-6.el5.ia64.rpm 856a84b1011e78644defd836e9fa24f0 ricci-0.10.0-6.el5.ia64.rpm x86_64: b2a92084032dafac79adfd656f88173c conga-debuginfo-0.10.0-6.el5.x86_64.rpm 48ff395dd2205ddb7112bc903cba0d83 luci-0.10.0-6.el5.x86_64.rpm e1aae541e6a564c3f1d1328f93e75708 ricci-0.10.0-6.el5.x86_64.rpm Thesepackages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.cve.org/CVERecord?id=CVE-2007-4136 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2007 Red Hat, Inc. . Red Hat recommends a balanced security patch for conga to resolve a denial of service vulnerability while incorporating further improvements.. Conga Security Update, Red Hat Advisory, DoS Bug Fix. . LinuxSecurity.com Team
Nov 07, 2007
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!