openSUSE-SU-2017:2765-1: moderate: Security update for cacti and cacti-spine
openSUSE Security Update: Security update for cacti and cacti-spine
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2765-1
Rating: moderate
References: #1062554
Cross-References: CVE-2017-15194
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cacti and cacti-spine fixes the following issues:

Build version 1.1.26

- issue#841: --input-fields variable not working with add_graphs.php cli
- issue#986: Resolve minor appearance problem on Modern theme
- issue#989: Resolve issue with data input method commands losing
spaces on import
- issue#1000: add_graphs.php not recognizing input fields
- issue#1003: Reversing resolution to Issue#995 due to adverse impact to
polling times
- issue#1008: Remove developer debug warning about thumbnail validation
- issue#1009: Resolving minor issue with cmd_realtime.php and a changing
hostname
- issue#1010: CVE-2017-15194 - Path-Based Cross-Site Scripting (XSS)
(bsc#1062554)
- issue#1027: Confirm that the PHP date.timezone setting is properly set
during install
- issue: Fixed database session handling for PHP 7.1
- issue: Fixed some missing i18n
- issue: Fixed typos
- feature: Updated Dutch translations
- feature: Schema changes; Examined queries without key usage and
added/changed some keys
- feature: Some small improvements

Build version 1.1.25

- issue#966: Email still using SMTP security even though set to none
- issue#995: Redirecting exec_background() to dev null breaks some
functions
- issue#998: Allow removal of external data template and prevent their
creation
- issue: Remove spikes uses wrong variance value from WebGUI
- issue: Changing filters on log page does not reset to first page
- issue: Allow manual creation of external data sources once again
- feature: Updated Dutch translations

Build version 1.1.24

- issue#932: Zoom positioning breaks when you scroll the graph page
- issue#970: Remote Data Collector Cache Synchronization missing plugin
sub-directories
- issue#980: Resolve issue where a new tree branch refreshes before you
have a chance to name it
- issue#982: Data Source Profile size information not showing properly
- issue: Long sysDescriptions on automation page cause columns to be
hidden
- issue: Resolve visual issues in Classic theme
- feature: Allow Resynchronization of Poller Resource Cache

Build version 1.1.23

- issue#963: SQL Errors with snmpagent and MariaDB 10.2
- issue#964: SQL Mode optimization failing in 1.1.22

Build version 1.1.22

- issue#950: Automation - New graph rule loses name on change
- issue#952: CSV Export not rendering Chinese characters correctly
(Second attempt)
- issue#955: Validation error trying to view graph debug syntax
- issue: MySQL/MariaDB database sql_mode NO_AUTO_VALUE_ON_ZERO corrupts
Cacti database
- issue: When creating a data source, the data source profile does not
default to the system default
- feature: Enhance table filters to support new Cycle plugin
- feature: Updated Dutch Translations

Build version 1.1.21

- issue#938: Problems upgrading to 1.1.20 with one table alter statement
- issue#952: CSV Export not rendering Chinese characters correctly
- issue: Minor alignment issue on tables

Build version 1.1.20

- issue#920: Issue with scrollbars after update to 1.1.19 related to #902
- issue#921: Tree Mode no longer expands to accommodate full tree item
names
- issue#922: When using LDAP domains some settings are not passed
correctly to the Cacti LDAP library
- issue#923: Warnings in cacti.log are displayed incorrectly
- issue#926: Update Utilities page to provide more information on
rebuilding poller cache
- issue#927: Minor schema change to support XtraDB Cluster
- issue#929: Overlapping frames on certain themes
- issue#931: Aggregate graphs missing from list view
- issue#933: Aggregate graphs page counter off
- issue#935: Support utf8 printable in data query inserts
- issue#936: TimeZone query failure undefined function
- issue: Taking actions on users does not use callbacks
- issue: Undefined constant in lib/snmp.php on RHEL7
- issue: Human readable socket errno's not defined
- issue: Audit of ping methods tcp, udp, and icmp ping. IPv6 will still
not work till php 5.5.4


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1173=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1173=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (i586 x86_64):

cacti-spine-1.1.26-16.1
cacti-spine-debuginfo-1.1.26-16.1
cacti-spine-debugsource-1.1.26-16.1

- openSUSE Leap 42.3 (noarch):

cacti-1.1.26-25.1
cacti-doc-1.1.26-25.1

- openSUSE Leap 42.2 (i586 x86_64):

cacti-spine-1.1.26-7.9.1
cacti-spine-debuginfo-1.1.26-7.9.1
cacti-spine-debugsource-1.1.26-7.9.1

- openSUSE Leap 42.2 (noarch):

cacti-1.1.26-16.9.1
cacti-doc-1.1.26-16.9.1


References:

https://www.suse.com/security/cve/CVE-2017-15194.html
https://bugzilla.suse.com/1062554

