Synopsis: Important: conga security update Issue date: 2011-03-28 CVE Names: CVE-2011-0720 The conga packages provide a web-based administration tool for remote cluster and storage management. A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720) Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted ("service luci restart") for the update to take effect. SL 4x SRPMS: conga-0.11.2-4.el4.2.src.rpm i386: luci-0.11.2-4.el4.2.i386.rpm ricci-0.11.2-4.el4.2.i386.rpm Dependencies for SL 40-43: oddjob-0.26-1.1.i386.rpm oddjob-devel-0.26-1.1.i386.rpm oddjob-libs-0.26-1.1.i386.rpm x86_64: luci-0.11.2-4.el4.2.x86_64.rpm ricci-0.11.2-4.el4.2.x86_64.rpm Dependencies for SL 40-43: oddjob-0.26-1.1.x86_64.rpm oddjob-devel-0.26-1.1.x86_64.rpm oddjob-libs-0.26-1.1.x86_64.rpm - Scientific Linux Development Team