[SECURITY] [DLA 255-1] cacti security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : cacti
Version : 0.8.7g-1+squeeze6
CVE ID : CVE-2015-2665 CVE-2015-4342 CVE-2015-4454
Several vulnerabilities (cross-site scripting and SQL injection) have
been discovered in Cacti, a web interface for graphing of monitoring
systems.
We recommend that you upgrade your cacti packages.
CVE-2015-2665
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d
allows remote attackers to inject arbitrary web script or HTML via
unspecified vectors.
CVE-2015-4342
SQL Injection and Location header injection from cdef id
CVE-2015-4454
SQL injection vulnerability in the get_hash_graph_template function
in lib/functions.php in Cacti before 0.8.8d allows remote attackers
to execute arbitrary SQL commands via the graph_template_id
parameter to graph_templates.php
Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
SQL injection vulnerability in the settings page
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJVjoRbAAoJEJxcmesFvXUK184H/johA1AufAJAU+csX9HFwi0I
Z0JPp2Jh5Gt1qMx660DDAxv12F1BfRssos3qTdhP6AQ/sdTq7EB9YH2zt2VEApHL
xCVAwENOYUN/Ixk552wcL46ciIGdHSeagtdbJ3VdDFQqIGKFQuMeNAaCxcMCsv+Q
EJ0RCELpZ+cjrOWedqlbwk0APUa+YZRKyCLa6ZIPHtVZS5d6E95L26y69p6G7lme
qlSe45p+f651o91R78dhRFWw/TBeJHlMcr0pyjBUcL+v7q0/vP6Pka9ZPct+pe2z
+gCgqfZILLW5W8R8CRJ95MC62vgxF5ESCZQ92Sn++w/fOdhZ5iuVtscl9hJBoQQ=
=IFk4
-----END PGP SIGNATURE-----
Reply to: