Updated cacti packages fix security vulnerability
Publication date: 20 Jan 2016Modification date: 20 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8369 , CVE-2015-8377 , CVE-2015-8604
Description
Several SQL injection vulnerabilities have been discovered in Cacti.
Specially crafted input can be used by an attacker in the rra_id value of
the graph.php script to execute arbitrary SQL commands on the database
(CVE-2015-8369).
References
- https://bugs.mageia.org/show_bug.cgi?id=17352
- https://www.debian.org/security/2015/dsa-3423
- http://lwn.net/Alerts/669382/
- http://lwn.net/Alerts/671883/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8369
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8377
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8604
SRPMS
5/core
- cacti-0.8.8f-1.2.mga5