Security Advisory Important: conga security update

Advisory: RHSA-2011:0394-1
Type: Security Advisory
Severity: Important
Issued on: 2011-03-28
Last updated on: 2011-03-28
Affected Products: RHEL Clustering (v. 5 server), RHEL Clustering EUS (v. 5.6.z server), RHEL Clustering Long Life (v. 5.6 server)
CVEs (cve.mitre.org): CVE-2011-0720

Details

Updated conga packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The conga packages provide a web-based administration tool for remote
cluster and storage management.

A privilege escalation flaw was found in luci, the Conga web-based
administration application. A remote attacker could possibly use this flaw
to obtain administrative access, allowing them to read, create, or modify
the content of the luci application. (CVE-2011-0720)

Users of Conga are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages, luci must be restarted ("service luci restart") for the
update to take effect.
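
To confirm which cluster nodes still need this update, the following added example (not part of the Red Hat advisory) compares collected luci/ricci package versions against the fixed build 0.12.2-24.el5_6.1 using an rpm-style segment comparison. The inventory format, host names and sample versions are constructed for illustration, and packages are assumed to carry no epoch.

```python
import re

# Fixed luci/ricci build taken from this advisory's package list.
FIXED = "0.12.2-24.el5_6.1"
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (no ~ or ^ handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare VERSION-RELEASE strings; epoch is assumed absent."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(inventory):
    """Return (host, package, version) for luci/ricci older than FIXED."""
    findings = []
    for line in inventory.strip().splitlines():
        host, name, vr = line.split()
        if name in ("luci", "ricci") and vr_cmp(vr, FIXED) < 0:
            findings.append((host, name, vr))
    return findings

# Constructed inventory: "host package version-release", e.g. gathered with
# rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' luci ricci on each node.
SAMPLE = """\
node1 luci 0.12.2-24.el5
node1 ricci 0.12.2-24.el5_6.1
node2 luci 0.12.2-24.el5_6.1
node3 luci 0.12.2-32.el5
node4 ricci 0.12.1-7.el5
"""

if __name__ == "__main__":
    for host, name, vr in needs_update(SAMPLE):
        print(f"{host}: {name}-{vr} is older than {FIXED}")
```

A node that reports the fixed version is only remediated once luci has been restarted, so pair this check with confirmation that the service was restarted after the package install.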


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Clustering (v. 5 server)

SRPMS:
conga-0.12.2-24.el5_6.1.src.rpm
File outdated by:  RHBA-2011:1433
    MD5: 74d77b845dcd10e9eeb33345c1dde61e
SHA-256: 24db449f0d2485543b9b783100f2ecfe956f417d8556a092ed7c8d0b7c8c0dad
 
IA-32:
luci-0.12.2-24.el5_6.1.i386.rpm
File outdated by:  RHBA-2013:1358
    MD5: b0ad76a9347c5799a2c47c456b9e27a0
SHA-256: c7b95a46f86eccdc8830c26984166058fec30ff7a08bbea877842b64899136f9
ricci-0.12.2-24.el5_6.1.i386.rpm
File outdated by:  RHBA-2013:1358
    MD5: 629fe0571873a4526839c0a45806818c
SHA-256: 027577f3bb25e1d1805b375c23cae81fdd71259c2d07b4c86faba93c1a62cde1
 
IA-64:
luci-0.12.2-24.el5_6.1.ia64.rpm
File outdated by:  RHBA-2013:1358
    MD5: 34c469355b74cdd5c2f6de818bb35c83
SHA-256: bae461348664f780c9e984809362f3a2ca80c472f7c5186ee8ab196a782bf349
ricci-0.12.2-24.el5_6.1.ia64.rpm
File outdated by:  RHBA-2013:1358
    MD5: 99538e8418005f9964d6bca3c2c0489c
SHA-256: 113ee8ed35daf6940faa331f87e534f168ae313a49449e16f9c953e982fbfb37
 
PPC:
luci-0.12.2-24.el5_6.1.ppc.rpm
File outdated by:  RHBA-2013:1358
    MD5: 65244c16b93973638df151a1864866b7
SHA-256: bc03c548e324a276c1a2aee16dbb97cd06faf97d11e17b158e8a6f476e37e42b
ricci-0.12.2-24.el5_6.1.ppc.rpm
File outdated by:  RHBA-2013:1358
    MD5: dba6039f2b0be6972f5dbad80d35507c
SHA-256: 1edf3a6420ddc303a4dac982c35c401652385d8760d0ce41949f1a32b6a5e62b
 
x86_64:
luci-0.12.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2013:1358
    MD5: a9a8b19bbb726bec73cdb938fed6ece7
SHA-256: 2cef3f1e8e7c3fc1b2f1b0988f1e74fa670badba58123e47f8eecfbe469838fa
ricci-0.12.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2013:1358
    MD5: fff38a684f097a6957c0eee8ddc188ef
SHA-256: 778c5febeb7a85d7b60b9a98ad89ff23f5c9b04bcc5b40d1f6a31e880588bb75
 
RHEL Clustering EUS (v. 5.6.z server)

SRPMS:
conga-0.12.2-24.el5_6.1.src.rpm
File outdated by:  RHBA-2011:1433
    MD5: 74d77b845dcd10e9eeb33345c1dde61e
SHA-256: 24db449f0d2485543b9b783100f2ecfe956f417d8556a092ed7c8d0b7c8c0dad
 
IA-32:
luci-0.12.2-24.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:1433
    MD5: b0ad76a9347c5799a2c47c456b9e27a0
SHA-256: c7b95a46f86eccdc8830c26984166058fec30ff7a08bbea877842b64899136f9
ricci-0.12.2-24.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:1433
    MD5: 629fe0571873a4526839c0a45806818c
SHA-256: 027577f3bb25e1d1805b375c23cae81fdd71259c2d07b4c86faba93c1a62cde1
 
IA-64:
luci-0.12.2-24.el5_6.1.ia64.rpm
File outdated by:  RHBA-2011:1433
    MD5: 34c469355b74cdd5c2f6de818bb35c83
SHA-256: bae461348664f780c9e984809362f3a2ca80c472f7c5186ee8ab196a782bf349
ricci-0.12.2-24.el5_6.1.ia64.rpm
File outdated by:  RHBA-2011:1433
    MD5: 99538e8418005f9964d6bca3c2c0489c
SHA-256: 113ee8ed35daf6940faa331f87e534f168ae313a49449e16f9c953e982fbfb37
 
PPC:
luci-0.12.2-24.el5_6.1.ppc.rpm
File outdated by:  RHBA-2011:1433
    MD5: 65244c16b93973638df151a1864866b7
SHA-256: bc03c548e324a276c1a2aee16dbb97cd06faf97d11e17b158e8a6f476e37e42b
ricci-0.12.2-24.el5_6.1.ppc.rpm
File outdated by:  RHBA-2011:1433
    MD5: dba6039f2b0be6972f5dbad80d35507c
SHA-256: 1edf3a6420ddc303a4dac982c35c401652385d8760d0ce41949f1a32b6a5e62b
 
x86_64:
luci-0.12.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:1433
    MD5: a9a8b19bbb726bec73cdb938fed6ece7
SHA-256: 2cef3f1e8e7c3fc1b2f1b0988f1e74fa670badba58123e47f8eecfbe469838fa
ricci-0.12.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:1433
    MD5: fff38a684f097a6957c0eee8ddc188ef
SHA-256: 778c5febeb7a85d7b60b9a98ad89ff23f5c9b04bcc5b40d1f6a31e880588bb75
 
RHEL Clustering Long Life (v. 5.6 server)

SRPMS:
conga-0.12.2-24.el5_6.1.src.rpm
File outdated by:  RHBA-2011:1433
    MD5: 74d77b845dcd10e9eeb33345c1dde61e
SHA-256: 24db449f0d2485543b9b783100f2ecfe956f417d8556a092ed7c8d0b7c8c0dad
 
IA-32:
luci-0.12.2-24.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:1433
    MD5: b0ad76a9347c5799a2c47c456b9e27a0
SHA-256: c7b95a46f86eccdc8830c26984166058fec30ff7a08bbea877842b64899136f9
ricci-0.12.2-24.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:1433
    MD5: 629fe0571873a4526839c0a45806818c
SHA-256: 027577f3bb25e1d1805b375c23cae81fdd71259c2d07b4c86faba93c1a62cde1
 
IA-64:
luci-0.12.2-24.el5_6.1.ia64.rpm
File outdated by:  RHBA-2011:1433
    MD5: 34c469355b74cdd5c2f6de818bb35c83
SHA-256: bae461348664f780c9e984809362f3a2ca80c472f7c5186ee8ab196a782bf349
ricci-0.12.2-24.el5_6.1.ia64.rpm
File outdated by:  RHBA-2011:1433
    MD5: 99538e8418005f9964d6bca3c2c0489c
SHA-256: 113ee8ed35daf6940faa331f87e534f168ae313a49449e16f9c953e982fbfb37
 
x86_64:
luci-0.12.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:1433
    MD5: a9a8b19bbb726bec73cdb938fed6ece7
SHA-256: 2cef3f1e8e7c3fc1b2f1b0988f1e74fa670badba58123e47f8eecfbe469838fa
ricci-0.12.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:1433
    MD5: fff38a684f097a6957c0eee8ddc188ef
SHA-256: 778c5febeb7a85d7b60b9a98ad89ff23f5c9b04bcc5b40d1f6a31e880588bb75
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

676961 - CVE-2011-0720 plone: unauthorized remote administrative access


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/