Advisories » MGASA-2016-0025

Updated cacti packages fix security vulnerability

Publication date: 20 Jan 2016
Modification date: 20 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8369 , CVE-2015-8377 , CVE-2015-8604

Description

Several SQL injection vulnerabilities have been discovered in Cacti.
Specially crafted input can be used by an attacker in the rra_id value of
the graph.php script to execute arbitrary SQL commands on the database
(CVE-2015-8369).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17352
• https://www.debian.org/security/2015/dsa-3423
• http://lwn.net/Alerts/669382/
• http://lwn.net/Alerts/671883/
• https://www.cve.org/CVERecord?id=CVE-2015-8369
• https://www.cve.org/CVERecord?id=CVE-2015-8377
• https://www.cve.org/CVERecord?id=CVE-2015-8604

SRPMS

5/core

• cacti-0.8.8f-1.2.mga5