openSUSE-SU-2024:0031-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0031-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2024:0031-1
Related
Published
2024-01-24T12:47:05Z
Modified
2024-01-24T12:47:05Z
Summary
Security update for cacti, cacti-spine
Details

This update for cacti, cacti-spine fixes the following issues:

cacti-spine 1.2.26:

  • Fix: Errors when uptime OID is not present
  • Fix: MySQL reconnect option is depreciated
  • Fix: Spine does not check a host with no poller items
  • Fix: Poller may report the wrong number of devices polled
  • Feature: Allow users to override the threads setting at the command line
  • Feature: Allow spine to run in ping-only mode

cacti 1.2.26:

  • CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380)
  • CVE-2023-49084: RCE vulnerability when managing links (boo#1218360)
  • CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378)
  • CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366)
  • CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379)
  • CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381)
  • When viewing data sources, an undefined variable error may be seen
  • Improvements for Poller Last Run Date
  • Attempting to edit a Data Query that does not exist throws warnings and not an GUI error
  • Improve PHP 8.1 support when adding devices
  • Viewing Data Query Cache can cause errors to be logged
  • Preserve option is not properly honoured when removing devices at command line
  • Infinite recursion is possible during a database failure
  • Monitoring Host CPU's does not always work on Windows endpoints
  • Multi select drop down list box not rendered correctly in Chrome and Edge
  • Selective Plugin Debugging may not always work as intended
  • During upgrades, Plugins may be falsely reported as incompatible
  • Plugin management at command line does not work with multiple plugins
  • Improve PHP 8.1 support for incrementing only numbers
  • Allow the renaming of guest and template accounts
  • DS Stats issues warnings when the RRDfile has not been initialized
  • When upgrading, missing data source profile can cause errors to be logged
  • When deleting a single Data Source, purge historical debug data
  • Improvements to form element warnings
  • Some interface aliases do not appear correctly
  • Aggregate graph does not show other percentiles
  • Settings table updates for large values reverted by database repair
  • When obtaining graph records, error messages may be recorded
  • Unable to change a device's community at command line
  • Increase timeout for RRDChecker
  • When viewing a graph, option to edit template may lead to incorrect URL
  • When upgrading, failures may occur due to missing color table keys
  • On installation, allow a more appropriate template to be used as the default
  • When data input parameters are allowed to be null, allow null
  • CSV Exports may not always output data correctly
  • When debugging a graph, long CDEF's can cause undesirable scrolling
  • Secondary LDAP server not evaluated when the first one has failed
  • When adding a device, using the bulk walk option can make version information appear
  • When parsing a Data Query resource, an error can be reported if no direction is specified
  • Database reconnection can cause errors to be reported incorrectly
  • fix returned value if $sau is empty
  • Add Aruba switch, Aruba controller and HPE iLO templates
  • Add OSCX 6x00 templates
References

Affected packages

SUSE:Package Hub 12 / cacti

Package

Name
cacti
Purl
pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

SUSE:Package Hub 12 / cacti-spine

Package

Name
cacti-spine
Purl
pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / cacti

Package

Name
cacti
Purl
pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / cacti-spine

Package

Name
cacti-spine
Purl
pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

openSUSE:Leap 15.5 / cacti

Package

Name
cacti
Purl
pkg:rpm/opensuse/cacti&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}

openSUSE:Leap 15.5 / cacti-spine

Package

Name
cacti-spine
Purl
pkg:rpm/opensuse/cacti-spine&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.26-bp155.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "cacti": "1.2.26-bp155.2.6.1",
            "cacti-spine": "1.2.26-bp155.2.6.1"
        }
    ]
}