Scientific Linux Security Update : conga on SL5.x i386/x86_64
Medium Nessus Plugin ID 60284
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service (CVE-2007-4136).
Fixes in this updated package include :
- The nodename is now set for manual fencing.
- The node log no longer displays in random order.
- A bug that prevented a node from responding when a cluster was deleted is now fixed.
- A PAM configuration that incorrectly called the deprecated module pam_stack was removed.
- A bug that prevented some quorum disk configurations from being accepted is now fixed.
- Setting multicast addresses now works properly.
- rpm -V on luci no longer fails.
- The user interface rendering time for the storage interface is now faster.
- An error message that incorrectly appeared when rebooting nodes during cluster creation was removed.
- Cluster snaps configuration (an unsupported feature) has been removed altogether to prevent user confusion.
- A user permission bug resulting from a luci code error is now fixed.
- luci and ricci init script return codes are now LSB-compliant.
- VG creation on cluster nodes now defaults to 'clustered'.
- An SELinux AVC bug that prevented users from setting up shared storage on nodes is now fixed.
- An access error that occurred when attempting to access a cluster node after its cluster was deleted is now fixed.
- IP addresses can now be used to create clusters.
- Attempting to configure a fence device no longer results in an AttributeError.
- Attempting to create a new fence device to a valid cluster no longer results in a KeyError.
- Several minor user interface validation errors have been fixed, such as enforcing cluster name length and fence port.
- A browser lock-up that could occur during storage configuration has been fixed.
- Virtual service creation now works without error.
- The fence_xvm tag is no longer misspelled in the cluster.conf file.
- Luci failover forms are complete and working.
- Rebooting a fresh cluster install no longer generates an error message.
- A bug that prevented failed cluster services from being started is now fixed.
- A bug that caused some cluster operations (e.g., node delete) to fail on clusters with mixed-case cluster names is now fixed.
- Global cluster resources can be reused when constructing cluster services.
Enhancements in this updated package include :
- Users can now access Conga through Internet Explorer 6.
- Dead nodes can now be evicted from a cluster.
- Shared storage on new clusters is now enabled by default.
- The fence user-interface flow is now simpler.
- A port number is now shown in ricci error messages.
- The kmod-gfs-xen kernel module is now installed when creating a cluster.
- Cluster creation status is now shown visually.
- User names are now sorted for display.
- The fence_xvmd tag can now be added from the dom0 cluster nodes.
- The ampersand character (&) can now be used in fence names.
- All packaged files are now installed with proper owners and permissions.
- New cluster node members are now properly initialized.
- Storage operations can now be completed even if an LVM snapshot is present.
- Users are now informed via dialog when nodes are rebooted as part of a cluster operation.
- Failover domains are now properly listed for virtual services and traditional clustered services.
- Luci can now create and distribute keys for fence_xvmd.
Solution
Update the affected packages.