Updated cacti package fixes security vulnerabilities
Publication date: 26 Jul 2014Modification date: 26 Jul 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-2326 , CVE-2014-2328 , CVE-2014-2708 , CVE-2014-2709 , CVE-2014-4002
Description
Multiple security issues (cross-site scripting, cross-site request forgery,
SQL injections, missing input sanitising) have been found in Cacti
(CVE-2014-2326, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002).
References
- https://bugs.mageia.org/show_bug.cgi?id=13626
- https://www.debian.org/security/2014/dsa-2970
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2326
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2708
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2709
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4002
SRPMS
4/core
- cacti-0.8.8b-3.1.mga4