
[SECURITY] [DLA 278-1] cacti security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : cacti
Version        : 0.8.7g-1+squeeze7
CVE ID         : CVE-2015-4634
Debian Bug     : NA

Several SQL injection vulnerabilities were discovered in cacti, a
frontend to rrdtool for monitoring systems and services:

CVE-2015-4634
   SQL injection vulnerability in Cacti before 0.8.8e allows remote
   attackers to execute arbitrary SQL commands in graphs.php.

Currently unknown or unassigned CVEs
   SQL injection vulnerability in Cacti before 0.8.8e allows remote
   attackers to execute arbitrary SQL commands in cdef.php, color.php,
   data_input.php, data_queries.php, data_sources.php,
   data_templates.php, gprint_presets.php, graph_templates.php,
   graph_templates_items.php, graphs_items.php, host.php,
   host_templates.php, lib/functions.php, rra.php, tree.php and
   user_admin.php.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 0.8.7g-1+squeeze7.



