Advisories » MGASA-2014-0403

Updated cacti package fixes multiple security vulnerabilities

Publication date: 09 Oct 2014
Modification date: 09 Oct 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-5025 , CVE-2014-5026 , CVE-2014-5261 , CVE-2014-5262

Description

Updated cacti package fixes security vulnerabilities:

Multiple security issues (cross-site scripting, missing input sanitising and
SQL injection) have been discovered in Cacti, a web interface for graphing of
monitoring systems (CVE-2014-5025, CVE-2014-5026, CVE-2014-5261,
CVE-2014-5262).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13930
• https://www.debian.org/security/2014/dsa-3007
• https://www.cve.org/CVERecord?id=CVE-2014-5025
• https://www.cve.org/CVERecord?id=CVE-2014-5026
• https://www.cve.org/CVERecord?id=CVE-2014-5261
• https://www.cve.org/CVERecord?id=CVE-2014-5262

SRPMS

4/core

• cacti-0.8.8b-3.2.mga4