Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE: 2024:0276-1 Important: Cacti and Cacti-Spine Security Update

opensuse
Calendar Grey September 2, 2024
Dist Opensuse Esm H88
This bulletin highlights a critical patch for Fedora, focusing on various security flaws within the Drupal framework.
An update that fixes 10 vulnerabilities is now available

Description

This update for cacti, cacti-spine fixes the following issues:

- cacti 1.2.27:

* CVE-2024-34340: Authentication Bypass when using using older password

hashes (boo#1224240)

* CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229)

* CVE-2024-31459: RCE vulnerability when plugins include files

(boo#1224238)

* CVE-2024-31460: SQL Injection vulnerability when using tree rules

through Automation API (boo#1224239)

* CVE-2024-29894: XSS vulnerability when using JavaScript based

messaging API (boo#1224231)

* CVE-2024-31458: SQL Injection vulnerability when using form templates

(boo#1224241)

* CVE-2024-31444: XSS vulnerability when reading tree rules with

Automation API (boo#1224236)

* CVE-2024-31443: XSS vulnerability when managing data queries

(boo#1224235)

* CVE-2024-31445: SQL Injection vulnerability when retrieving graphs

using Automation API (boo#1224237)

*...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2024-276=1

Package List

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

cacti-spine-1.2.27-bp156.2.3.1

cacti-spine-debuginfo-1.2.27-bp156.2.3.1

cacti-spine-debugsource-1.2.27-bp156.2.3.1

- openSUSE Backports SLE-15-SP6 (noarch):

cacti-1.2.27-bp156.2.3.1

References

https://www.suse.com/security/cve/CVE-2024-25641.html

https://www.suse.com/security/cve/CVE-2024-27082.html

https://www.suse.com/security/cve/CVE-2024-29894.html

https://www.suse.com/security/cve/CVE-2024-31443.html

https://www.suse.com/security/cve/CVE-2024-31444.html

https://www.suse.com/security/cve/CVE-2024-31445.html

https://www.suse.com/security/cve/CVE-2024-31458.html

https://www.suse.com/security/cve/CVE-2024-31459.html

https://www.suse.com/security/cve/CVE-2024-31460.html

https://www.suse.com/security/cve/CVE-2024-34340.html

https://bugzilla.suse.com/1224229

https://bugzilla.suse.com/1224230

https://bugzilla.suse.com/1224231

https://bugzilla.suse.com/1224235

https://bugzilla.suse.com/1224236

https://bugzilla.suse.com/1224237

https://bugzilla.suse.com/1224238

https://bugzilla.suse.com/1224239

https://bugzilla.suse.com/1224240

https://bugzilla.suse.com/1224241

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2024:0276-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP6 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here