openSUSE Security Update : cacti and cacti-spine (openSUSE-2017-1173)

medium Nessus Plugin ID 104078


Synopsis

The remote openSUSE host is missing a security update.

Description

This update for cacti and cacti-spine fixes the following issues :

Build version 1.1.26

- issue#841: --input-fields variable not working with add_graphs.php cli

- issue#986: Resolve minor appearance problem on Modern theme

- issue#989: Resolve issue with data input method commands losing spaces on import

- issue#1000: add_graphs.php not recognizing input fields

- issue#1003: Reversing resolution to Issue#995 due to adverse impact to polling times

- issue#1008: Remove developer debug warning about thumbnail validation

- issue#1009: Resolving minor issue with cmd_realtime.php and a changing hostname

- issue#1010: CVE-2017-15194 - Path-Based Cross-Site Scripting (XSS) (bsc#1062554)

- issue#1027: Confirm that the PHP date.timezone setting is properly set during install

- issue: Fixed database session handling for PHP 7.1

- issue: Fixed some missing i18n

- issue: Fixed typos

- feature: Updated Dutch translations

- feature: Schema changes; Examined queries without key usage and added/changed some keys

- feature: Some small improvements

Build version 1.1.25

- issue#966: Email still using SMTP security even though set to none

- issue#995: Redirecting exec_background() to dev null breaks some functions

- issue#998: Allow removal of external data template and prevent their creation

- issue: Remove spikes uses wrong variance value from WebGUI

- issue: Changing filters on log page does not reset to first page

- issue: Allow manual creation of external data sources once again

- feature: Updated Dutch translations

Build version 1.1.24

- issue#932: Zoom positioning breaks when you scroll the graph page

- issue#970: Remote Data Collector Cache Synchronization missing plugin sub-directories

- issue#980: Resolve issue where a new tree branch refreshes before you have a chance to name it

- issue#982: Data Source Profile size information not showing properly

- issue: Long sysDescriptions on automation page cause columns to be hidden

- issue: Resolve visual issues in Classic theme

- feature: Allow Resynchronization of Poller Resource Cache

Build version 1.1.23

- issue#963: SQL Errors with snmpagent and MariaDB 10.2

- issue#964: SQL Mode optimization failing in 1.1.22

Build version 1.1.22

- issue#950: Automation - New graph rule loses name on change

- issue#952: CSV Export not rendering Chinese characters correctly (Second attempt)

- issue#955: Validation error trying to view graph debug syntax

- issue: MySQL/MariaDB database sql_mode NO_AUTO_VALUE_ON_ZERO corrupts Cacti database

- issue: When creating a data source, the data source profile does not default to the system default

- feature: Enhance table filters to support new Cycle plugin

- feature: Updated Dutch Translations

Build version 1.1.21

- issue#938: Problems upgrading to 1.1.20 with one table alter statement

- issue#952: CSV Export not rendering Chinese characters correctly

- issue: Minor alignment issue on tables

Build version 1.1.20

- issue#920: Issue with scrollbars after update to 1.1.19 related to #902

- issue#921: Tree Mode no longer expands to accommodate full tree item names

- issue#922: When using LDAP domains some settings are not passed correctly to the Cacti LDAP library

- issue#923: Warnings in cacti.log are displayed incorrectly

- issue#926: Update Utilities page to provide more information on rebuilding poller cache

- issue#927: Minor schema change to support XtraDB Cluster

- issue#929: Overlapping frames on certain themes

- issue#931: Aggregate graphs missing from list view

- issue#933: Aggregate graphs page counter off

- issue#935: Support utf8 printable in data query inserts

- issue#936: TimeZone query failure undefined function

- issue: Taking actions on users does not use callbacks

- issue: Undefined constant in lib/snmp.php on RHEL7

- issue: Human readable socket errno's not defined

- issue: Audit of ping methods tcp, udp, and icmp ping. IPv6 will still not work till php 5.5.4

Solution

Update the affected cacti and cacti-spine packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1062554

Plugin Details

Severity: Medium

ID: 104078

File Name: openSUSE-2017-1173.nasl

Version: 3.4

Type: local

Agent: unix

Published: 10/23/2017

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:cacti, p-cpe:/a:novell:opensuse:cacti-spine, p-cpe:/a:novell:opensuse:cacti-spine-debuginfo, p-cpe:/a:novell:opensuse:cacti-spine-debugsource, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/18/2017

Reference Information

CVE: CVE-2017-15194