Oracle Linux 5 : conga (ELSA-2012-0151)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

- Added conga-enterprise.patch
- Added conga-enterprise-Carthage.patch to support OEL5
- Replaced redhat logo image in conga-0.12.2.tar.gz

- Fix bz711494 (CVE-2011-1948 plone: reflected XSS vulnerability)
- Fix bz771920 (CVE-2011-4924 Zope: Incomplete upstream patch for

- Fix bz751359 (Add luci support for fence_ipmilan's -L option)

- Fix bz577019 (CVE-2010-1104 zope: XSS on error page)

- Fix bz755935 (luci_admin man page is misleading)
- Fix bz755941 (luci_admin restore is not consistent)

- Fix excluding busy nodes not working properly in luci internals.

- Additional fix for bz734562 (Improve Luci's resource name validation)

- Additional fix for bz734562 (Improve Luci's resource name validation)

- Bump version of the luci database.

- Fix bz739600 (conga allows erroneous characters in resource)
- Fix bz734562 (Improve Luci's resource name validation)

- Fix bz709478 (Ricci fails to detect if host if virtual machine capable)
- Fix bz723000 (Modifying an existing shared resource will not update
the reference in the cluster.conf)
- Fix bz723188 (Luci does not allow to modify __max_restarts and
__restart_expire_time for independent subtrees, only for non-critical

- Fix bz732483 (Create new cluster fails with luci when installing

Solution :

Update the affected conga packages.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68469

Bugtraq ID: 37765

CVE ID: CVE-2010-1104