[SECURITY] [DLA 4048-1] cacti security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4048-1] cacti security update
From: rouca@debian.org
Date: Tue, 11 Feb 2025 17:20:12 +0000
Message-id: <[🔎] 6e6f3ab0f3290eaab8a079013e583e6c@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4048-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
February 10, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cacti
Version        : 1.2.16+ds1-2+deb11u5
CVE ID         : CVE-2024-43362 CVE-2024-43363 CVE-2024-43364 CVE-2024-43365 
                 CVE-2024-45598 CVE-2024-47875 CVE-2024-48910 CVE-2024-54145 
                 CVE-2025-22604 CVE-2025-24367 CVE-2025-24368


Multiple security vulnerabilities have been discovered in Cacti, a web
interface for graphing of monitoring systems, which could result in
cross-site scripting, SQL injection, or command injection.

For Debian 11 bullseye, these problems have been fixed in version
1.2.16+ds1-2+deb11u5.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cacti

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmerhssACgkQADoaLapB
CF+0xQ/+LLyY3yMWDFqAYufwUoe5hYCiyoEVPFIjWxiG4FUIFs3fqZQLD+1I/1mR
a/0Oi5hdTRqjrG3q7HZ7SUcxbYKymV62/PtJXEZrZb2i/NkF+U9xm2sy+AM1zOHe
KZu2hk3bB5BscSbQVNBPKoaM8HSadP1iRNYbWQWBJ2i4io0iP/tNAtng1485wJcr
s1O1dhhsI7aLDT7XESzvcOetLJzrI6f1GMoBu1qBiVJkXn203STO0pfdywncPfPm
aeYiRRhykYt3+YYljy1P5HQDWbyBgRYhTthD5PIW+//PsmMjahXefyXlKI0GqdGd
UpHd+rH7pLmrznwFUUBUw2hf3XLUgsYXSQVflxgHFCxTr5wvYxWgrBcT8bQYzysA
cHpRmoYgOKokI9GDRbrstgpAfiQISzBB4wAyh93SOeMc9RiFERV74h0rEq1Ybdp7
Mr/q8UoaG7VGeHO77+9DbbjwpAcX5pe4aoesP11k7utpcjJq6EPYfqWZdBXs8KBk
hui+Vgj4w8CjX/5CL4AxfsgkcNWiphI2+Z8lmIiMCJchqUxmeVviY6ZbgYdwB3jY
Igs1mKmXT3Au2o7xDdQ6qLxoLEnVpi6KcbMKyCwMrm/VDQv6A1SPYR32SbYZUtuT
Y2yYXdXIwJwqk0vUwNyBpXh7crhFBqYf1D0uS72hLlnrkpZSaxo=
=ycHd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4049-1] rust-openssl security update
Next by Date: [SECURITY] [DLA 4050-1] bind9 security update
Previous by thread: [SECURITY] [DLA 4049-1] rust-openssl security update
Next by thread: [SECURITY] [DLA 4050-1] bind9 security update
Index(es):
- Date
- Thread