openSUSE Security Update : cacti (openSUSE-2015-445)
High Nessus Plugin ID 84386
SynopsisThe remote openSUSE host is missing a security update.
Descriptioncacti was updated to 0.8.8d to fix multiple security issues and bugs.
The following vulnerabilities were fixed :
- SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
- Cacti Cross-Site Scripting Vulnerability Notification [FG-VD-15-017]
- SQL Injection and Location header injection from cdef id CVE-2015-4342
- SQL injection in graph templates
Also contains bug fixes in the upstream 0.8.8d release.
SolutionUpdate the affected cacti package.