Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 37: 2023-06a2a6e03c Moderate: Cacti Update and Security Fixes

fedora
Calendar Grey October 13, 2023
Dist Fedora Esm H88
Enhance Cacti by transitioning to version 1.2.25 on Fedora; vital patches for various security vulnerabilities resolved in this update.
Update cacti and cacti-spine to version 1.2.25

Summary

Cacti is a complete frontend to RRDTool. It stores all of the

necessary information to create graphs and populate them with

data in a MySQL database. The frontend is completely PHP

driven.

Update Information:

Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25

Topics%20covered

Topics Covered

security advisory update Fedora cross-site scripting security fix SQL injection cacti

Change Log

* Wed Oct 4 2023 Carl George - 1.2.25-1 - Update to version 1.2.25 * Wed Jan 18 2023 Fedora Release Engineering - 1.2.23-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

References


[ 1 ] Bug #2237577 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2237577 [ 2 ] Bug #2237582 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2237582 [ 3 ] Bug #2237583 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2237583 [ 4 ] Bug #2237585 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2237585 [ 5 ] Bug #2237588 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2237588 [ 6 ] Bug ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-06a2a6e03c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: cacti
Product: Fedora 37
Version: 1.2.25
Release: 1.fc37
URL:
Summary: An rrd based graphing tool

Topics%20covered

Topics Covered

security advisory update Fedora cross-site scripting security fix SQL injection cacti

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here