conga bug fix update
| Advisory: | RHBA-2007:0331-2 |
|---|---|
| Type: | Bug Fix Advisory |
| Severity: | N/A |
| Issued on: | 2007-05-18 |
| Last updated on: | 2007-05-18 |
| Affected Products: | RHEL Clustering (v. 5 server) |
| CVEs (cve.mitre.org): | CVE-2007-0240 CVE-2007-1462 |
Details
Updated conga packages that provide critical bug fixes are now available.
The Conga package is a web-based administration tool for remote cluster and
storage management.
This erratum applies the following bug fixes:
- The Zope packages bundled with Conga have been patched to remove a
cross-site scripting (XSS) vulnerability (CVE-2007-0240).
- Passwords are no longer sent back from the server in cleartext as form
input values (CVE-2007-1462).
- A form validation error was fixed so that Conga no longer allows cluster
names longer than 15 characters.
- An error wherein clusters and systems could not be deleted from the
manage systems interface has been addressed.
- Entering an incorrect password for a system no longer raises an
UnboundLocalError exception.
- Luci failover domain forms are no longer empty.
- The fence_xvm string in cluster.conf for virtual cluster fencing has been
corrected.
- The advanced options parameters section now applies the settings
entered.
- A bug that prevented virtual services from being configured has been
addressed.
- kmod-gfs-xen is now installed when necessary.
- The 'enable shared storage support' checkbox is now cleared when a
configuration error is encountered.
- When configuring an outer physical cluster, it is no longer necessary to
add the fence_xvmd tag manually.
Users of Conga are advised to upgrade to these updated packages, which
apply these fixes.
Solution
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Updated packages
RHEL Clustering (v. 5 server)
| Arch | Package | File outdated by | MD5 |
|---|---|---|---|
| SRPMS | conga-0.9.2-6.el5.src.rpm | RHBA-2011:1421 | cb96ea94e412ade7a11a2f790ef8eca5 |
| IA-32 | luci-0.9.2-6.el5.i386.rpm | RHBA-2011:1421 | 049a342c4e5e63f1b4b7b178e764f21a |
| IA-32 | ricci-0.9.2-6.el5.i386.rpm | RHBA-2011:1421 | 33968467721f6dbf19bf3d6e32b4f575 |
| IA-64 | luci-0.9.2-6.el5.ia64.rpm | RHBA-2011:1421 | 9a0752d2975fbcc706884166576dbc8d |
| IA-64 | ricci-0.9.2-6.el5.ia64.rpm | RHBA-2011:1421 | 7f0b080294bfa026f3dcf41d97b5ad97 |
| x86_64 | luci-0.9.2-6.el5.x86_64.rpm | RHBA-2011:1421 | 0da9f315edd0c21a0595717b2a0103b6 |
| x86_64 | ricci-0.9.2-6.el5.x86_64.rpm | RHBA-2011:1421 | c9e5216140ea9945dd91bd70aa203aab |
(The unlinked packages above are only available from the Red Hat Network.)
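The advisory tells users to upgrade to the 0.9.2-6.el5 builds and lists MD5 sums for the packages, but gives no way to check a host. The script below is an added example, not Red Hat's tooling or part of Conga: it decides whether an installed luci or ricci build is at or above the fixed release, and compares a downloaded RPM against the sums in the table above. The version comparison is a simplified reimplementation of rpm's rpmvercmp (no epoch, tilde or caret handling, an assumption stated in the code); the `rpm -q` call only runs from `main()`, so the functions can be exercised without rpm present.

```python
"""Added example (not Red Hat's own tooling): check installed luci/ricci
builds against the fixed release from RHBA-2007:0331-2 and verify
downloaded RPMs against the advisory's MD5 sums.
Assumption: version ordering is a simplified rpmvercmp (no epoch, tilde
or caret handling); 'rpm' is only invoked from main()."""
import hashlib
import re
import subprocess

# Fixed (version, release) per package, from the advisory's package list.
FIXED = {"luci": ("0.9.2", "6.el5"), "ricci": ("0.9.2", "6.el5")}

# MD5 sums copied from the advisory's "Updated packages" table.
ADVISORY_MD5 = {
    "conga-0.9.2-6.el5.src.rpm": "cb96ea94e412ade7a11a2f790ef8eca5",
    "luci-0.9.2-6.el5.i386.rpm": "049a342c4e5e63f1b4b7b178e764f21a",
    "ricci-0.9.2-6.el5.i386.rpm": "33968467721f6dbf19bf3d6e32b4f575",
    "luci-0.9.2-6.el5.ia64.rpm": "9a0752d2975fbcc706884166576dbc8d",
    "ricci-0.9.2-6.el5.ia64.rpm": "7f0b080294bfa026f3dcf41d97b5ad97",
    "luci-0.9.2-6.el5.x86_64.rpm": "0da9f315edd0c21a0595717b2a0103b6",
    "ricci-0.9.2-6.el5.x86_64.rpm": "c9e5216140ea9945dd91bd70aa203aab",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 like rpm's rpmvercmp(): split both strings into
    numeric and alphabetic segments, compare numeric segments as integers
    and alphabetic ones lexically; a numeric segment beats an alphabetic
    one, and leftover segments make a string newer."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def split_nvr(nvr):
    """'luci-0.9.2-5.el5' -> ('luci', '0.9.2', '5.el5')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(nvr):
    """True when NAME-VERSION-RELEASE is at or above the fixed build."""
    name, version, release = split_nvr(nvr)
    if name not in FIXED:
        raise ValueError("package not covered by this advisory: %s" % name)
    fixed_version, fixed_release = FIXED[name]
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0


def md5_hex(data):
    """Hex MD5 of a byte string, the digest the advisory lists."""
    return hashlib.md5(data).hexdigest()


def check_download(path, filename):
    """Compare the RPM at `path` with the advisory's MD5 for `filename`.
    MD5 only catches truncation or corruption of the download; authenticity
    rests on the Red Hat GPG signature, checked separately with `rpm -K`."""
    with open(path, "rb") as fh:
        return md5_hex(fh.read()) == ADVISORY_MD5[filename]


def installed_nvrs():
    """Ask rpm for the installed luci/ricci builds (only used by main())."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}\n", "luci", "ricci"],
        capture_output=True, text=True, check=False).stdout
    return [l for l in out.splitlines() if not l.endswith("is not installed")]


if __name__ == "__main__":
    for nvr in installed_nvrs():
        print(nvr, "fixed" if is_fixed(nvr) else "NEEDS UPDATE")
```

Run it on a cluster node to list which of luci and ricci still need the update; for packages fetched by hand, `check_download("luci-0.9.2-6.el5.x86_64.rpm", "luci-0.9.2-6.el5.x86_64.rpm")` confirms the file matches the advisory, and `rpm -K` on the same file is still required to confirm it is Red Hat's signed build.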
Bugs fixed (see bugzilla for more information)
228637 - CVE-2007-1462 security alert - passwords sent back from server as input value
233326 - CVE-2007-0240 Conga includes version of Zope that is vulnerable to a XSS attack
236020 - Conga allows creation/rename of clusters with name greater than 15 characters
236021 - Cluster cannot be deleted (from 'Manage Systems') - but no error results
236025 - Entering bad password when creating a new cluster = UnboundLocalError: local variable 'e' referenced before assignment
236026 - luci failover domain forms are missing/empty
236027 - fence_xvm is incorrectly listed as "xmv" in virtual cluster
236048 - Advanced options parameters settings don't do anything
236050 - Unable to configure a virtual service
236052 - kmod-gfs-xen not installed with Conga install
236054 - 'enable shared storage' option cleared whenever there is a configuration error
236055 - Must manually edit cluster.conf on the dom0 cluster to add "<fence_xvmd/>"
References
https://www.redhat.com/security/data/cve/CVE-2007-1462.html
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/