
openSUSE: 2023:0025-1 Important: Cacti Command Injection Risk

January 21, 2023
The latest update for cacti and cacti-spine fixes a severe flaw: CVE-2022-46169, an unauthenticated command injection in the Cacti Remote Agent.
An update that fixes one vulnerability is now available.

Description

This update for cacti, cacti-spine fixes the following issues:

cacti-spine 1.2.23:

* Fix unexpected reindexing when using uptime as the reindex method

* Spine should prevent the script server from connecting to remote when offline

* Improve Script Server Timeout Logging

* Add SQL_NO_CACHE to Spine Queries

cacti 1.2.23, providing security fixes, feature improvements and bug fixes:

* CVE-2022-46169: Unauthenticated Command Injection in Remote Agent (boo#1206185)

* Security: Add .htaccess file to scripts folder

* When using Single Sign-on Frameworks, revocation was not always detected in callbacks

* Fixes to the installer, and compatibility with PHP and MySQL

* Performance improvements for certain conditions

* Various UI fixes

* Bug fixes related to SNMP, RRDtools, and agents

Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2023-25=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

cacti-spine-1.2.23-26.1

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

cacti-1.2.23-32.1
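
To confirm the update landed, the following added example (not part of the SUSE advisory) compares installed cacti and cacti-spine builds against the fixed builds in the Package List above. `ver_ge` and `audit` are hypothetical helper names, the sample input is constructed, and GNU `sort -V` is assumed as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Fixed builds, taken from the Package List of this advisory.
FIXED_CACTI="1.2.23-32.1"
FIXED_SPINE="1.2.23-26.1"

# ver_ge A B: succeed when version-release A is at or above B.
# Assumption: GNU `sort -V` ordering stands in for rpm's comparison,
# which holds for purely numeric dotted strings like these.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit: read "NAME VERSION-RELEASE" lines on stdin, report each cacti
# package, and return 1 if any is older than its fixed build.
audit() {
    rc=0
    while read -r name vr; do
        case "$name" in
            cacti)       fixed=$FIXED_CACTI ;;
            cacti-spine) fixed=$FIXED_SPINE ;;
            *)           continue ;;   # other packages, "not installed" lines
        esac
        if ver_ge "$vr" "$fixed"; then
            echo "OK $name $vr"
        else
            echo "VULNERABLE $name $vr (fixed in $fixed)"
            rc=1
        fi
    done
    return $rc
}

# On a real host, feed rpm's output instead of the sample:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' cacti cacti-spine | audit
# Constructed sample: cacti still on an older build, spine already updated.
audit <<'EOF' || echo "at least one package is below the fixed build"
cacti 1.2.22-30.1
cacti-spine 1.2.23-26.1
EOF
```

A non-zero return from `audit` makes it usable as a gate in configuration management or a fleet-wide compliance check.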

References

https://www.suse.com/security/cve/CVE-2022-46169.html

https://bugzilla.suse.com/1206185

Severity
important

Announcement ID: openSUSE-SU-2023:0025-1
Rating: important
Affected Products:

- SUSE Linux Enterprise High Performance Computing 12
- SUSE Linux Enterprise Server 12
- SUSE Linux Enterprise Server 12-SP3
- SUSE Linux Enterprise Server 12-SP4
- SUSE Linux Enterprise Server 12-SP5
- SUSE Linux Enterprise Server for SAP Applications 12
- SUSE Linux Enterprise Server for SAP Applications 12-SP3
- SUSE Linux Enterprise Server for SAP Applications 12-SP4
- SUSE Linux Enterprise Server for SAP Applications 12-SP5
- SUSE Package Hub for SUSE Linux Enterprise 12
