Fedora 25: 2017-127e76d78d Critical: Cacti XSS and Code Exploit

Cacti is a complete frontend to RRDTool. It stores all of the

necessary information to create graphs and populate them with

data in a MySQL database. The frontend is completely PHP

driven.

- Update to 1.1.16 - CVE-2017-12065 CVE-2017-12066 Release notes:

---- - Update to 1.1.15

Release notes: ---- -Update to 1.1.14 Release notes:

[ 1 ] Bug #1477092 - CVE-2017-12066 cacti: XSS vulnerability in aggregate_graphs.php

https://bugzilla.redhat.com/show_bug.cgi?id=1477092

[ 2 ] Bug #1477090 - CVE-2017-12065 cacti: Possible code execution via avgnan, outlier-start, or outlier-end parameter

https://bugzilla.redhat.com/show_bug.cgi?id=1477090

su -c 'dnf upgrade cacti' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org