openSUSE-SU-2017:0663-1

Опубликовано: 11 мар. 2017

Источник: suse-cvrf

Описание

Security update for cacti

This update for cacti fixes the following vulnerabilities:

CVE-2014-4000: PHP Object Injection Vulnerabilities (boo#1022564)

It also updates cacti to version 1.0.4 to include the latest upstream bugfixes and improvements.

Список пакетов

openSUSE Leap 42.1

cacti-1.0.4-14.1

cacti-doc-1.0.4-14.1

openSUSE Leap 42.2

cacti-1.0.4-14.1

cacti-doc-1.0.4-14.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-03/msg00023.html
E-Mail link for openSUSE-SU-2017:0663-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

Затронутые продукты

openSUSE Leap 42.1:cacti-1.0.4-14.1

openSUSE Leap 42.1:cacti-doc-1.0.4-14.1

openSUSE Leap 42.2:cacti-1.0.4-14.1

openSUSE Leap 42.2:cacti-doc-1.0.4-14.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-4000.html
CVE-2014-4000
https://bugzilla.suse.com/1022564
SUSE Bug 1022564

openSUSE-SU-2017:0663-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2014-4000

Описание

Затронутые продукты

Ссылки