Date:         Tue, 13 Nov 2007 16:51:14 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for conga on SL5.x i386/x86_64
Comments: To: scientific-linux-errata@fnal.gov

Synopsis:	Moderate: conga security, bug fix, and enhancement update
Issue date:	2007-11-07
CVE Names:	CVE-2007-4136

A flaw was found in ricci during a code audit.  A remote attacker who is
able to connect to ricci could cause ricci to temporarily refuse additional
connections, a denial of service (CVE-2007-4136).

Fixes in this updated package include:

* The nodename is now set for manual fencing.

* The node log no longer displays in random order.

* A bug that prevented a node from responding when a cluster was deleted is
now fixed.

* A PAM configuration that incorrectly called the deprecated module
pam_stack was removed.

* A bug that prevented some quorum disk configurations from being accepted
is now fixed.

* Setting multicast addresses now works properly.

* rpm -V on luci no longer fails.

* The user interface rendering time for storage interface is now faster.

* An error message that incorrectly appeared when rebooting nodes during
cluster creation was removed.

* Cluster snaps configuration (an unsupported feature) has been removed
altogether to prevent user confusion.

* A user permission bug resulting from a luci code error is now fixed.

* luci and ricci init script return codes are now LSB-compliant.

* VG creation on cluster nodes now defaults to "clustered".

* An SELinux AVC bug that prevented users from setting up shared storage on
nodes is now fixed.

* An access error that occurred when attempting to access a cluster node
after its cluster was deleted is now fixed.

* IP addresses can now be used to create clusters.

* Attempting to configure a fence device no longer results in an
AttributeError.

* Attempting to create a new fence device to a valid cluster no longer
results in a KeyError.

* Several minor user interface validation errors have been fixed, such as
enforcing cluster name length and fence port, etc.

* A browser lock-up that could occur during storage configuration has been
fixed.

* Virtual service creation now works without error.

* The fence_xvm tag is no longer misspelled in the cluster.conf file.

* Luci failover forms are complete and working.

* Rebooting a fresh cluster install no longer generates an error message.

* A bug that prevented failed cluster services from being started is now
fixed.

* A bug that caused some cluster operations (e.g., node delete) to fail on
clusters with mixed-case cluster names is now fixed.

* Global cluster resources can be reused when constructing cluster
services.

Enhancements in this updated package include:

* Users can now access Conga through Internet Explorer 6.

* Dead nodes can now be evicted from a cluster.

* Shared storage on new clusters is now enabled by default.

* The fence user-interface flow is now simpler.

* A port number is now shown in ricci error messages.

* The kmod-gfs-xen kernel module is now installed when creating a cluster.

* Cluster creation status is now shown visually.

* User names are now sorted for display.

* The fence_xvmd tag can now be added from the dom0 cluster nodes.

* The ampersand character (&) can now be used in fence names.

* All packaged files are now installed with proper owners and permissions.

* New cluster node members are now properly initialized.

* Storage operations can now be completed even if an LVM snapshot is 
present.

* Users are now informed via dialog when nodes are rebooted as part of a
cluster operation.

* Failover domains are now properly listed for virtual services and
traditional clustered services.

* Luci can now create and distribute keys for fence_xvmd.

SL 5.x

   SRPMS:
conga-0.10.0-6.el5.src.rpm

   i386:
luci-0.10.0-6.el5.i386.rpm
ricci-0.10.0-6.el5.i386.rpm
cluster-cim-0.10.0-5.el5.i386.rpm
cluster-snmp-0.10.0-5.el5.i386.rpm
modcluster-0.10.0-5.el5.i386.rpm
   x86_64:
luci-0.10.0-6.el5.x86_64.rpm
ricci-0.10.0-6.el5.x86_64.rpm
cluster-cim-0.10.0-5.el5.x86_64.rpm
cluster-snmp-0.10.0-5.el5.x86_64.rpm
modcluster-0.10.0-5.el5.x86_64.rpm
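
As an added example (not part of the errata or of the conga project), the following Python check parses `rpm -qa` style output and flags installed conga subpackages that are older than the fixed releases listed above. The version comparison is a simplified reimplementation of RPM's rpmvercmp (no epoch, tilde or caret handling), and the host output it scans is constructed, not taken from a real system.

```python
import re
from typing import List, Tuple

# Fixed version-release per subpackage, taken from the advisory package list
# (SL 5.x). luci and ricci are release -6; the other subpackages are -5.
FIXED = {
    "luci": "0.10.0-6.el5",
    "ricci": "0.10.0-6.el5",
    "cluster-cim": "0.10.0-5.el5",
    "cluster-snmp": "0.10.0-5.el5",
    "modcluster": "0.10.0-5.el5",
}

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`
# output (not from a real host). ricci and cluster-snmp are still pre-errata.
SAMPLE_RPM_QA = """\
luci-0.10.0-6.el5.i386
ricci-0.9.2-6.el5.i386
cluster-cim-0.10.0-5.el5.i386
cluster-snmp-0.10.0-2.el5.i386
modcluster-0.10.0-5.el5.i386
openssh-4.3p2-24.el5.i386
"""

# name-version-release.arch; version and release never contain '-'.
NEVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")

def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: split into digit/alpha segments, compare numeric
    segments as integers and alphabetic ones as strings; numeric beats alpha."""
    seg = re.compile(r"[0-9]+|[a-zA-Z]+")
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def find_unpatched(rpm_qa_output: str) -> List[Tuple[str, str, str]]:
    """Return (name, installed, fixed) for each conga subpackage below the fix."""
    unpatched = []
    for line in rpm_qa_output.splitlines():
        m = NEVRA.match(line.strip())
        if not m or m["name"] not in FIXED:
            continue  # unparsable line or a package this errata does not cover
        installed = f"{m['ver']}-{m['rel']}"
        if vr_cmp(installed, FIXED[m["name"]]) < 0:
            unpatched.append((m["name"], installed, FIXED[m["name"]]))
    return unpatched

if __name__ == "__main__":
    for name, have, want in find_unpatched(SAMPLE_RPM_QA):
        print(f"{name}: installed {have}, errata requires {want}")
```

On a live SL5 host, feed the function the output of the quoted `rpm -qa` query instead of the constructed sample.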

-Connie Sieh
-Troy Dawson
