Description
Security update for cacti
cacti was updated to fix the following vulnerabilities:
- CVE-2015-8369: SQL injection in graph.php (boo#958863)
- CVE-2015-8604: SQL injection in graphs_new.php (boo#960678)
- CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977)
- CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930)
cacti-spine was updated to match the cacti version, fixing a number of upstream bugs.
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:0438-1
- SUSE Security Ratings
Description
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Affected products
References
- CVE-2015-8369
- SUSE Bug 958863
- SUSE Bug 958977
- SUSE Bug 960678
Description
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
Affected products
References
- CVE-2015-8377
- SUSE Bug 958863
- SUSE Bug 958977
- SUSE Bug 960678
Description
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
Affected products
References
- CVE-2015-8604
- SUSE Bug 960678
Description
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
Affected products
References
- CVE-2016-2313
- SUSE Bug 1022564
- SUSE Bug 1069693
- SUSE Bug 965930