Description
Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues:
cacti-spine and cacti were updated to 1.2.12:
cacti fixes:
- CVE-2020-7106: Lack of escaping of color items can lead to XSS exposure (boo#1163749)
- Fix multiple graphing bugs and web UI issues
- Fix multiple warnings, PHP Exceptions and errors
- Content-Security-Policy prevents External Links from being opened
- Prevent runtime memory issues by increasing memory limit
- Improve SNMPv3 handling
cacti-spine fixes:
- Failed host lookup causes spine to crash
Package list
SUSE Package Hub 12
cacti-1.2.12-bp151.4.9.1
cacti-spine-1.2.12-bp151.4.9.1
SUSE Package Hub 15 SP1
cacti-1.2.12-bp151.4.9.1
cacti-spine-1.2.12-bp151.4.9.1
openSUSE Leap 15.1
cacti-1.2.12-bp151.4.9.1
cacti-spine-1.2.12-bp151.4.9.1
References
- E-Mail link for openSUSE-SU-2020:0654-1
- SUSE Security Ratings
- SUSE Bug 1163749
- SUSE CVE CVE-2020-7106 page
Description
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
Affected products
SUSE Package Hub 12:cacti-1.2.12-bp151.4.9.1
SUSE Package Hub 12:cacti-spine-1.2.12-bp151.4.9.1
SUSE Package Hub 15 SP1:cacti-1.2.12-bp151.4.9.1
SUSE Package Hub 15 SP1:cacti-spine-1.2.12-bp151.4.9.1
References
- CVE-2020-7106
- SUSE Bug 1163749