Oracle Linux 5 : conga (ELSA-2013-0128)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

[0.12.2-64.0.2.el5]
- Remove conga-enterprise.patch

[0.12.2-64.0.1.el5]
- Added conga-enterprise.patch
- Added conga-enterprise-Carthage.patch to support OEL5
- Replaced redhat logo image in conga-0.12.2.tar.gz and Data.fs

[0.12.2-64]
- Improvements for bz786372 (Better protect luci's authentication cookie)
- Improvements for bz607179 (Improper handling of session timeouts)

[0.12.2-60]
- Improvements for bz832185 (Luci cannot configure the 'identity_file'
attribute for fence_ilo_mp)
- Improvements for bz822633 (Add luci support for nfsrestart)

[0.12.2-59]
- Fix bz835649 (luci uninstall will leave /var/lib/luci/var/pts and
/usr/lib*/luci/zope/var/pts behind)

[0.12.2-58]
- Fix bz832183 (Luci is missing configuration of ssl for fence_ilo)

[0.12.2-57]
- Fix bz835649 (luci uninstall will leave /var/lib/luci/var/pts and
/usr/lib*/luci/zope/var/pts behind)

[0.12.2-56]
- Fix bz842865 (Conga unable to find/install packages due to line breaks
in yum output)

[0.12.2-55]
- Add support for IBM iPDU fencing configuration (Resolves bz741986)

[0.12.2-54]
- Fix bz839732 (Conga Add a Service Screen is Missing Option for
Restart-Disable Recovery Policy)

[0.12.2-53]
- Fix bz786372 (Better protect luci's authentication cookie)
- Fix bz607179 (Improper handling of session timeouts)

[0.12.2-52]
- Fix bz822633 (Add luci support for nfsrestart)
- Fix bz832181 (fence_apc_snmp is missing from luci)
- Fix bz832183 (Luci is missing configuration of ssl for fence_ilo)
- Fix bz832185 (Luci cannot configure the 'identity_file' attribute for
fence_ilo_mp)

See also :

https://oss.oracle.com/pipermail/el-errata/2013-January/003200.html

Solution :

Update the affected conga packages.

Risk factor :

Low / CVSS Base Score : 3.7
(CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P)

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68699 ()

Bugtraq ID:

CVE ID: CVE-2012-3359
CVE-2013-7347