UbuntuUpdates.org

Package "cacti"

Name: cacti

Description: web interface for graphing of monitoring systems

Latest version: 0.8.8b+dfsg-5ubuntu0.2
Release: trusty (14.04)
Level: updates
Repository: universe
Homepage: http://www.cacti.net/

Other versions of "cacti" in Trusty

Repository  Area      Version
base        universe  0.8.8b+dfsg-5
security    universe  0.8.8b+dfsg-5ubuntu0.2

Changelog

Version: 0.8.8b+dfsg-5ubuntu0.2 2017-02-15 03:06:33 UTC

  cacti (0.8.8b+dfsg-5ubuntu0.2) trusty-security; urgency=medium

  * Security update (backport patches from upstream)
    - CVE-2014-4000 - PHP Object Injection Vulnerabilities
    - CVE-2015-4634 - SQL injection vulnerability in graphs.php
    - CVE-2015-8369 - SQL injection vulnerability in
                      include/top_graph_header.php
    - CVE-2015-8377 - SQL injection vulnerability in host_new_graphs_save
    - CVE-2015-8604 - SQL injection vulnerability in host_new_graphs
    - CVE-2016-2313 - auth_login.php access restrictions could be bypassed
    - CVE-2016-3172 - SQL injection vulnerability in tree.php
    - CVE-2016-3659 - SQL injection vulnerability in graph_view.php

 -- Paul Gevers <email address hidden> Sat, 11 Feb 2017 14:51:18 +0100

CVE-2014-4000 PHP Object Injection Vulnerabilities
CVE-2015-4634 SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id par
CVE-2015-8369 SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via
CVE-2015-8377 SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to e
CVE-2015-8604 SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execut
CVE-2016-2313 auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging
CVE-2016-3172 SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the paren
CVE-2016-3659 SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group

Version: 0.8.8b+dfsg-5ubuntu0.1 2015-07-01 09:06:31 UTC

  cacti (0.8.8b+dfsg-5ubuntu0.1) trusty-security; urgency=medium

  * Security update (LP: #1210822):
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
    - CVE-2014-5261 Insufficient input sanitation leads to shell command
      injection possibilities
    - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
      injection attack scenarios
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers Sat, 27 Jun 2015 14:25:12 +0200

1210822 Please backport cacti security fixes
CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vector
CVE-2015-4342 SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef
CVE-2015-4454 SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute ar
CVE-2014-5261 The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharac
CVE-2014-5262 SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrar
CVE-2014-5025 Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrar
CVE-2014-5026 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web scri
CVE-2014-5043 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed th
CVE-2014-2327 Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users fo
CVE-2014-4002 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_act


