Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:1060-1

Опубликовано: 25 июл. 2020
Источник: suse-cvrf

Описание

Security update for cacti, cacti-spine

This update for cacti, cacti-spine fixes the following issues:

  • cacti 1.2.13:

    • Query XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
    • Lack of escaping on some pages can lead to XSS exposure
    • Update PHPMailer to 6.1.6 (CVE-2020-13625)
    • SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295, boo#1173090)
    • Lack of escaping on template import can lead to XSS exposure

  • switch from cron to systemd timers (boo#1115436):

    • cacti-cron.timer
    • cacti-cron.service

  • avoid potential root escalation on systems with fs.protected_hardlinks=0 (boo#1154087): handle directory permissions in file section instead of using chown during post installation

  • rewrote apache configuration to get rid of .htaccess files and explicitely disable directory permissions per default (only allow a limited, well-known set of directories)

Список пакетов

SUSE Package Hub 12
cacti-1.2.13-11.1
cacti-spine-1.2.13-8.1
openSUSE Leap 15.1
cacti-1.2.13-11.1
cacti-spine-1.2.13-8.1
openSUSE Leap 15.2
cacti-1.2.13-11.1
cacti-spine-1.2.13-8.1

Ссылки

Описание

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.13-11.1
SUSE Package Hub 12:cacti-spine-1.2.13-8.1
openSUSE Leap 15.1:cacti-1.2.13-11.1
openSUSE Leap 15.1:cacti-spine-1.2.13-8.1
Ссылки

Описание

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.13-11.1
SUSE Package Hub 12:cacti-spine-1.2.13-8.1
openSUSE Leap 15.1:cacti-1.2.13-11.1
openSUSE Leap 15.1:cacti-spine-1.2.13-8.1
Ссылки

Описание

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.13-11.1
SUSE Package Hub 12:cacti-spine-1.2.13-8.1
openSUSE Leap 15.1:cacti-1.2.13-11.1
openSUSE Leap 15.1:cacti-spine-1.2.13-8.1
Ссылки

Описание

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.13-11.1
SUSE Package Hub 12:cacti-spine-1.2.13-8.1
openSUSE Leap 15.1:cacti-1.2.13-11.1
openSUSE Leap 15.1:cacti-spine-1.2.13-8.1
Ссылки
Уязвимость openSUSE-SU-2020:1060-1