openSUSE-SU-2024:0031-1

This update for cacti, cacti-spine fixes the following issues:

cacti-spine 1.2.26:

• Fix: Errors when uptime OID is not present
• Fix: MySQL reconnect option is depreciated
• Fix: Spine does not check a host with no poller items
• Fix: Poller may report the wrong number of devices polled
• Feature: Allow users to override the threads setting at the command line
• Feature: Allow spine to run in ping-only mode

cacti 1.2.26:

• CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380)
• CVE-2023-49084: RCE vulnerability when managing links (boo#1218360)
• CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378)
• CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366)
• CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379)
• CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381)
• When viewing data sources, an undefined variable error may be seen
• Improvements for Poller Last Run Date
• Attempting to edit a Data Query that does not exist throws warnings and not an GUI error
• Improve PHP 8.1 support when adding devices
• Viewing Data Query Cache can cause errors to be logged
• Preserve option is not properly honoured when removing devices at command line
• Infinite recursion is possible during a database failure
• Monitoring Host CPU's does not always work on Windows endpoints
• Multi select drop down list box not rendered correctly in Chrome and Edge
• Selective Plugin Debugging may not always work as intended
• During upgrades, Plugins may be falsely reported as incompatible
• Plugin management at command line does not work with multiple plugins
• Improve PHP 8.1 support for incrementing only numbers
• Allow the renaming of guest and template accounts
• DS Stats issues warnings when the RRDfile has not been initialized
• When upgrading, missing data source profile can cause errors to be logged
• When deleting a single Data Source, purge historical debug data
• Improvements to form element warnings
• Some interface aliases do not appear correctly
• Aggregate graph does not show other percentiles
• Settings table updates for large values reverted by database repair
• When obtaining graph records, error messages may be recorded
• Unable to change a device's community at command line
• Increase timeout for RRDChecker
• When viewing a graph, option to edit template may lead to incorrect URL
• When upgrading, failures may occur due to missing color table keys
• On installation, allow a more appropriate template to be used as the default
• When data input parameters are allowed to be null, allow null
• CSV Exports may not always output data correctly
• When debugging a graph, long CDEF's can cause undesirable scrolling
• Secondary LDAP server not evaluated when the first one has failed
• When adding a device, using the bulk walk option can make version information appear
• When parsing a Data Query resource, an error can be reported if no direction is specified
• Database reconnection can cause errors to be reported incorrectly
• fix returned value if $sau is empty
• Add Aruba switch, Aruba controller and HPE iLO templates
• Add OSCX 6x00 templates