openSUSE Security Update : cacti / cacti-spine (openSUSE-2017-999)
Medium Nessus Plugin ID 102969
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for cacti and cacti-spine fixes security issues and bugs.
The following vulnerabilities were fixed :
- CVE-2017-12927: Cross-site scripting vulnerability in methodparameter (bsc#1054390)
- CVE-2017-12978:Cross-site scripting vulnerability via the title field (bsc#1054742) It also contains all upstream bug fixes and improvements in the 1.1.18 release :
- Sort devices by polling time to allow long running d
- Allow user to hide Graphs from disabled Devices
- Create a separate Realm for Realtime Graphs
- updated translations
- Can now export Device table results to CSV
- Allow Log Rotation to be other than Daily, and other log rotation improvements
SolutionUpdate the affected cacti / cacti-spine packages.