Description
Security update for cacti, cacti-spine
This update for cacti and cacti-spine fixes security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2017-12927: Cross-site scripting vulnerability in the method parameter (bsc#1054390)
- CVE-2017-12978: Cross-site scripting vulnerability via the title field (bsc#1054742)
It also contains all upstream bug fixes and improvements in the 1.1.18 release:
- Sort devices by polling time to allow long running d
- Allow user to hide Graphs from disabled Devices
- Create a separate Realm for Realtime Graphs
- Fix various JavaScript errors
- updated translations
- Can now export Device table results to CSV
- Allow Log Rotation to be other than Daily, and other log rotation improvements
Package list
openSUSE Leap 42.2
cacti-1.1.19-22.1
cacti-doc-1.1.19-22.1
cacti-spine-1.1.19-13.1
openSUSE Leap 42.3
cacti-1.1.19-22.1
cacti-doc-1.1.19-22.1
cacti-spine-1.1.19-13.1
References
- E-Mail link for openSUSE-SU-2017:2367-1
- SUSE Security Ratings
Description
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
Affected products
openSUSE Leap 42.2:cacti-1.1.19-22.1
openSUSE Leap 42.2:cacti-doc-1.1.19-22.1
openSUSE Leap 42.2:cacti-spine-1.1.19-13.1
openSUSE Leap 42.3:cacti-1.1.19-22.1
References
- CVE-2017-12927
- SUSE Bug 1054390
Description
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
Affected products
openSUSE Leap 42.2:cacti-1.1.19-22.1
openSUSE Leap 42.2:cacti-doc-1.1.19-22.1
openSUSE Leap 42.2:cacti-spine-1.1.19-13.1
openSUSE Leap 42.3:cacti-1.1.19-22.1
References
- CVE-2017-12978
- SUSE Bug 1054742