
Fedora 39: 2023-248dff7cbe Moderate: Cacti XSS and SQL Injection

November 3, 2023
The most recent update to the Fedora 39 Cacti package addresses significant security vulnerabilities and includes essential fixes.
Update cacti and cacti-spine to version 1.2.25

Summary

Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven.

Update Information:

Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25

Change Log

* Wed Oct 4 2023 Carl George - 1.2.25-1 - Update to version 1.2.25

References


[ 1 ] Bug #2237577 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237577

[ 2 ] Bug #2237582 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237582

[ 3 ] Bug #2237583 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237583

[ 4 ] Bug #2237585 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237585

[ 5 ] Bug #2237588 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237588

[ 6 ] Bug ...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-248dff7cbe' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: cacti
Product: Fedora 39
Version: 1.2.25
Release: 1.fc39
URL:
Summary: An rrd based graphing tool
