Advisories » MGASA-2016-0178

Updated cacti packages fix security vulnerabilities

Publication date: 18 May 2016
Modification date: 18 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3172 , CVE-2016-3659

Description

Updated cacti package fixes security vulnerability:

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows
remote authenticated users to execute arbitrary SQL commands via the parent_id
parameter in an item_edit action (CVE-2016-3172).

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g and earlier
allows remote authenticated users to execute arbitrary SQL commands via the
host_group_data parameter (CVE-2016-3659).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18021
• https://lists.opensuse.org/opensuse-updates/2016-05/msg00074.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3172
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3659

SRPMS

5/core

• cacti-0.8.8f-1.5.mga5