Mailinglist Archive: opensuse-updates (98 mails)

openSUSE-SU-2015:0479-1: moderate: Security update for cacti
openSUSE Security Update: Security update for cacti

Announcement ID: openSUSE-SU-2015:0479-1
Rating: moderate
References: #920399
Cross-References: CVE-2014-2327 CVE-2014-4002 CVE-2014-5025
Affected Products:
openSUSE 13.2
openSUSE 13.1

An update that fixes four vulnerabilities is now available.


cacti was updated to version 0.8.8c [boo#920399]

This update fixes four vulnerabilities and adds some compatible features.
- Security fixes not previously patched:
  - CVE-2014-2326 - XSS issue via CDEF editing
  - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  - CVE-2014-4002 - XSS issues in multiple files
  - CVE-2014-5025 - XSS issue via data source editing
  - CVE-2014-5026 - XSS issues in multiple files
- Security fixes now upstream:
  - CVE-2013-5588 - XSS issue via installer or device editing
  - CVE-2013-5589 - SQL injection vulnerability in device editing

New features:
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

      zypper in -t patch openSUSE-2015-221=1

- openSUSE 13.1:

      zypper in -t patch openSUSE-2015-221=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (noarch):


- openSUSE 13.1 (noarch):


