You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa cacti i cacti-spine

Sigurnosni nedostaci programskih paketa cacti i cacti-spine

openSUSE Security Update: Security update for cacti, cacti-spine
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0284-1
Rating: important
References: #1082318 #1101024 #1101139 #1122242 #1122243
#1122244 #1122245 #1122535 #1158990 #1158992
#1161297 #1163749
Cross-References: CVE-2009-4112 CVE-2018-20723 CVE-2018-20724
CVE-2018-20725 CVE-2018-20726 CVE-2019-16723
CVE-2019-17357 CVE-2019-17358 CVE-2020-7106
CVE-2020-7237
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that solves 10 vulnerabilities and has two fixes
is now available.

Description:

This update for cacti, cacti-spine fixes the following issues:

cacti-spine was updated to version 1.2.9.

Security issues fixed:

– CVE-2009-4112: Fixed a privilege escalation (bsc#1122535).
– CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability
(bsc#1122245).
– CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability
(bsc#1122244).
– CVE-2018-20725: Fixed a privilege escalation that could occur under
certain conditions (bsc#1122535).
– CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability
(bsc#1122242).
– CVE-2019-16723: Fixed an authentication bypass vulnerability.
– CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990).
– CVE-2019-17358: Fixed an unsafe deserialization in
sanitize_unserialize_selected_items (bsc#1158992).
– CVE-2020-7106: Fixed a potential cross-site scripting (XSS)
vulnerability (bsc#1163749).
– CVE-2020-7237: Fixed a remote code execution that affected privileged
users via shell metacharacters in the Performance Boost Debug Log field
(bsc#1161297).

Non-security issues fixed:

– Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec
(boo#1101024).
– Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139).

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-284=1

Package List:

– openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

cacti-spine-1.2.9-bp151.4.3.1
cacti-spine-debuginfo-1.2.9-bp151.4.3.1
cacti-spine-debugsource-1.2.9-bp151.4.3.1

– openSUSE Backports SLE-15-SP1 (noarch):

cacti-1.2.9-bp151.4.3.1

References:

https://www.suse.com/security/cve/CVE-2009-4112.html
https://www.suse.com/security/cve/CVE-2018-20723.html
https://www.suse.com/security/cve/CVE-2018-20724.html
https://www.suse.com/security/cve/CVE-2018-20725.html
https://www.suse.com/security/cve/CVE-2018-20726.html
https://www.suse.com/security/cve/CVE-2019-16723.html
https://www.suse.com/security/cve/CVE-2019-17357.html
https://www.suse.com/security/cve/CVE-2019-17358.html
https://www.suse.com/security/cve/CVE-2020-7106.html
https://www.suse.com/security/cve/CVE-2020-7237.html
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1101024
https://bugzilla.suse.com/1101139
https://bugzilla.suse.com/1122242
https://bugzilla.suse.com/1122243
https://bugzilla.suse.com/1122244
https://bugzilla.suse.com/1122245
https://bugzilla.suse.com/1122535
https://bugzilla.suse.com/1158990
https://bugzilla.suse.com/1158992
https://bugzilla.suse.com/1161297
https://bugzilla.suse.com/1163749


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libarchive

Otkriveni su sigurnosni nedostaci programske biblioteke libarchive za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close