
Fedora 37: 2023-06a2a6e03c Moderate: Cacti-Spine Multiple Issues

fedora
October 13, 2023
The Fedora 37 upgrade for cacti-spine version 1.2.25 corrects several security vulnerabilities related to cross-site scripting and SQL injection risks.
Update cacti and cacti-spine to version 1.2.25

Summary

Spine is a supplemental poller for Cacti that makes use of pthreads to achieve excellent performance.

Update Information:

Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25

Change Log

* Wed Oct 4 2023 Carl George - 1.2.25-1
- Update to version 1.2.25
* Wed Jul 19 2023 Fedora Release Engineering - 1.2.23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering - 1.2.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

References


[ 1 ] Bug #2237577 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2237577
[ 2 ] Bug #2237582 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2237582
[ 3 ] Bug #2237583 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2237583
[ 4 ] Bug #2237585 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2237585
[ 5 ] Bug #2237588 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2237588
[ 6 ] Bug ...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-06a2a6e03c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important

Name: cacti-spine
Product: Fedora 37
Version: 1.2.25
Release: 1.fc37
URL:
Summary: Threaded poller for Cacti written in C
