openSUSE Security Update : cacti (openSUSE-2015-221)
High Nessus Plugin ID 81765
Synopsis
The remote openSUSE host is missing a security update.
Description
cacti was updated to version 0.8.8c [boo#920399]
This update fixes four vulnerabilities and adds some compatible features.
- Security fixes not previously patched:
  - CVE-2014-2326 - XSS issue via CDEF editing
  - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  - CVE-2014-4002 - XSS issues in multiple files
  - CVE-2014-5025 - XSS issue via data source editing
  - CVE-2014-5026 - XSS issues in multiple files
- Security fixes now upstream:
  - CVE-2013-5588 - XSS issue via installer or device editing
  - CVE-2013-5589 - SQL injection vulnerability in device editing
New features:
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere
Solution
Update the affected cacti package.