Oracle Linux 5 : conga (ELSA-2012-0151)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

[0.12.2-51.0.1.el5]
- Added conga-enterprise.patch
- Added conga-enterprise-Carthage.patch to support OEL5
- Replaced redhat logo image in conga-0.12.2.tar.gz

[0.12.2-51]
- Fix bz711494 (CVE-2011-1948 plone: reflected XSS vulnerability)
- Fix bz771920 (CVE-2011-4924 Zope: Incomplete upstream patch for CVE-2010-1104/bz577019)

[0.12.2-45]
- Fix bz751359 (Add luci support for fence_ipmilan's -L option)

[0.12.2-44]
- Fix bz577019 (CVE-2010-1104 zope: XSS on error page)

[0.12.2-42]
- Fix bz755935 (luci_admin man page is misleading)
- Fix bz755941 (luci_admin restore is not consistent)

[0.12.2-40]
- Fix excluding busy nodes not working properly in luci internals.

[0.12.2-38]
- Additional fix for bz734562 (Improve Luci's resource name validation)

[0.12.2-37]
- Additional fix for bz734562 (Improve Luci's resource name validation)

[0.12.2-36]
- Bump version of the luci database.

[0.12.2-35]
- Fix bz739600 (conga allows erroneous characters in resource)
- Fix bz734562 (Improve Luci's resource name validation)

[0.12.2-34]
- Fix bz709478 (Ricci fails to detect if host is virtual machine capable)
- Fix bz723000 (Modifying an existing shared resource will not update the reference in the cluster.conf)
- Fix bz723188 (Luci does not allow to modify __max_restarts and __restart_expire_time for independent subtrees, only for non-critical resources)

[0.12.2-33]
- Fix bz732483 (Create new cluster fails with luci when installing packages.)

See also :

https://oss.oracle.com/pipermail/el-errata/2012-March/002649.html

Solution :

Update the affected conga packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68469

Bugtraq ID: 37765
48005

CVE ID: CVE-2010-1104
CVE-2011-1948
CVE-2011-4924