ArchLinux: 201602-24: cacti: sql injection
Summary
- CVE-2015-8604 (sql injection)
SQL injection in graphs_new.php.
- CVE-2015-8377 (sql injection)
SQL injection vulnerability in the host_new_graphs_save function in
graphs_new.php.
- CVE-2015-8369 (sql injection)
SQL injection in graph.php.
Resolution
Upgrade to 0.8.8_g-2.
# pacman -Syu "cacti>=0.8.8_g-2"
The problem has been fixed upstream in version 0.8.8_g.
References
https://www.openwall.com/lists/oss-security/2016/01/04/8
https://bugs.mageia.org/show_bug.cgi?id=17352
Workaround
None.