openSUSE-SU-2024:0031-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0031-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0031-1

Related

Published

2024-01-24T12:47:05Z

Modified

2024-01-24T12:47:05Z

Summary

Security update for cacti, cacti-spine

Details

This update for cacti, cacti-spine fixes the following issues:

cacti-spine 1.2.26:

Fix: Errors when uptime OID is not present
Fix: MySQL reconnect option is depreciated
Fix: Spine does not check a host with no poller items
Fix: Poller may report the wrong number of devices polled
Feature: Allow users to override the threads setting at the command line
Feature: Allow spine to run in ping-only mode

cacti 1.2.26:

CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380)
CVE-2023-49084: RCE vulnerability when managing links (boo#1218360)
CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378)
CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366)
CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379)
CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381)
When viewing data sources, an undefined variable error may be seen
Improvements for Poller Last Run Date
Attempting to edit a Data Query that does not exist throws warnings and not an GUI error
Improve PHP 8.1 support when adding devices
Viewing Data Query Cache can cause errors to be logged
Preserve option is not properly honoured when removing devices at command line
Infinite recursion is possible during a database failure
Monitoring Host CPU's does not always work on Windows endpoints
Multi select drop down list box not rendered correctly in Chrome and Edge
Selective Plugin Debugging may not always work as intended
During upgrades, Plugins may be falsely reported as incompatible
Plugin management at command line does not work with multiple plugins
Improve PHP 8.1 support for incrementing only numbers
Allow the renaming of guest and template accounts
DS Stats issues warnings when the RRDfile has not been initialized
When upgrading, missing data source profile can cause errors to be logged
When deleting a single Data Source, purge historical debug data
Improvements to form element warnings
Some interface aliases do not appear correctly
Aggregate graph does not show other percentiles
Settings table updates for large values reverted by database repair
When obtaining graph records, error messages may be recorded
Unable to change a device's community at command line
Increase timeout for RRDChecker
When viewing a graph, option to edit template may lead to incorrect URL
When upgrading, failures may occur due to missing color table keys
On installation, allow a more appropriate template to be used as the default
When data input parameters are allowed to be null, allow null
CSV Exports may not always output data correctly
When debugging a graph, long CDEF's can cause undesirable scrolling
Secondary LDAP server not evaluated when the first one has failed
When adding a device, using the bulk walk option can make version information appear
When parsing a Data Query resource, an error can be reported if no direction is specified
Database reconnection can cause errors to be reported incorrectly
fix returned value if $sau is empty
Add Aruba switch, Aruba controller and HPE iLO templates
Add OSCX 6x00 templates

References

Affected packages

SUSE:Package Hub 12 / cacti

Package

Name: cacti
Purl: purl:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

SUSE:Package Hub 12 / cacti-spine

Package

Name: cacti-spine
Purl: purl:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / cacti

Package

Name: cacti
Purl: purl:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / cacti-spine

Package

Name: cacti-spine
Purl: purl:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

openSUSE:Leap 15.5 / cacti

Package

Name: cacti
Purl: purl:rpm/suse/cacti&distro=openSUSE%20Leap%2015.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

openSUSE:Leap 15.5 / cacti-spine

Package

Name: cacti-spine
Purl: purl:rpm/suse/cacti-spine&distro=openSUSE%20Leap%2015.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}