UbuntuUpdates.org

Package "cacti"

Name: cacti

Description: web interface for graphing of monitoring systems

Latest version: 1.2.19+ds1-2ubuntu1.1
Release: jammy (22.04)
Level: security
Repository: universe
Homepage: https://www.cacti.net/


Other versions of "cacti" in Jammy

Repository  Area      Version
base        universe  1.2.19+ds1-2ubuntu1
updates     universe  1.2.19+ds1-2ubuntu1.1

Changelog

Version: 1.2.19+ds1-2ubuntu1.1 2024-08-20 14:07:13 UTC

  cacti (1.2.19+ds1-2ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution issue
    - debian/patches/CVE-2024-25641.patch: fix RCE exploitable through the
      "Package Import" feature
    - debian/patches/CVE-2024-31459.patch: fix file inclusion issue in the
      lib/plugin.php
    - CVE-2024-25641
    - CVE-2024-31459
  * SECURITY UPDATE: cross-site scripting issue
    - debian/patches/CVE-2024-31443.patch: fix HTML statement in
      `grow_right_pane_tree()` function from `lib/html.php`
    - debian/patches/CVE-2024-31444.patch: fix
      automation_tree_rules_form_save() function in automation_tree_rules.php
    - CVE-2024-31443
    - CVE-2024-31444
  * SECURITY UPDATE: sql injection issue
    - debian/patches/CVE-2024-31445.patch: fix `automation_get_new_graphs_sql`
      function of `api_automation.php`
    - debian/patches/CVE-2024-31458.patch: fix `form_save()` function in
      `graph_template_inputs.php`
    - debian/patches/CVE-2024-31460.patch: fix `create_all_header_nodes()`
      function from `lib/api_automation.php`
    - CVE-2024-31445
    - CVE-2024-31458
    - CVE-2024-31460
  * SECURITY UPDATE: type juggling issue
    - debian/patches/CVE-2024-34340.patch: fix issue in `compat_password_verify`
      method
    - CVE-2024-34340
  * debian/patches/update-check_all_pages-filtered_log.patch: update
    filtered log for /var/log/cacti/cacti.log test

 -- Nishit Majithia <email address hidden> Mon, 19 Aug 2024 18:01:17 +0530

CVE-2024-25641 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable
CVE-2024-31459 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.
CVE-2024-31443 Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_
CVE-2024-31444 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_f
CVE-2024-31445 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_ne
CVE-2024-31458 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function i
CVE-2024-31460 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.p
CVE-2024-34340 Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set t


