UbuntuUpdates.org

Package "cacti"

Name: cacti

Description:

web interface for graphing of monitoring systems
Latest version: 1.2.10+ds1-1ubuntu1.1
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://www.cacti.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cacti"

All arch deb package
APT INSTALL

Other versions of "cacti" in Focal

Repository Area Version
base universe 1.2.10+ds1-1ubuntu1
updates universe 1.2.10+ds1-1ubuntu1.1

Changelog

Version: 1.2.10+ds1-1ubuntu1.1 2024-08-20 14:07:12 UTC

  cacti (1.2.10+ds1-1ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: remote code execution issue
    - debian/patches/CVE-2024-25641.patch: fix RCE exploitable through the
      "Package Import" feature
    - debian/patches/CVE-2024-31459.patch: fix file inclusion issue in the
      lib/plugin.php
    - CVE-2024-25641
    - CVE-2024-31459
  * SECURITY UPDATE: cross-site scripting issue
    - debian/patches/CVE-2024-31443.patch: fix HTML statement in
      `grow_right_pane_tree()` function from `lib/html.php`
    - debian/patches/CVE-2024-31444.patch: fix
      automation_tree_rules_form_save() function in automation_tree_rules.php
    - CVE-2024-31443
    - CVE-2024-31444
  * SECURITY UPDATE: sql injection issue
    - debian/patches/CVE-2024-31445.patch: fix `automation_get_new_graphs_sql`
      function of `api_automation.php`
    - debian/patches/CVE-2024-31458.patch: fix `form_save()` function in
      `graph_template_inputs.php`
    - debian/patches/CVE-2024-31460.patch: fix `create_all_header_nodes()`
      function from `lib/api_automation.php`
    - CVE-2024-31445
    - CVE-2024-31458
    - CVE-2024-31460
  * SECURITY UPDATE: type juggling issue
    - debian/patches/CVE-2024-34340.patch: fix issue in `compat_password_verify`
      method
    - CVE-2024-34340
  * debian/tests/check-all-pages: update filtered log for
    /var/log/cacti/cacti.log test

 -- Nishit Majithia <email address hidden> Mon, 19 Aug 2024 18:04:35 +0530
CVE-2024-25641 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable
CVE-2024-31459 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.
CVE-2024-31443 Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_
CVE-2024-31444 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_f
CVE-2024-31445 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_ne
CVE-2024-31458 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function i
CVE-2024-31460 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.p
CVE-2024-34340 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set t


About   -   Send Feedback to @ubuntu_updates