Oval Definition: oval:org.opensuse.security:def:110407
Revision Date: 2020-03-01
Version: 1
Title: Security update for cacti, cacti-spine (Important)
Description:

This update for cacti, cacti-spine fixes the following issues:

cacti-spine was updated to version 1.2.9.



Security issues fixed:

- CVE-2009-4112: Fixed a privilege escalation (bsc#1122535).
- CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122245).
- CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122244).
- CVE-2018-20725: Fixed a privilege escalation that could occur under certain conditions (bsc#1122535).
- CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122242).
- CVE-2019-16723: Fixed an authentication bypass vulnerability.
- CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990).
- CVE-2019-17358: Fixed an unsafe deserialization in sanitize_unserialize_selected_items (bsc#1158992).
- CVE-2020-7106: Fixed a potential cross-site scripting (XSS) vulnerability (bsc#1163749).
- CVE-2020-7237: Fixed a remote code execution that affected privileged users via shell metacharacters in the Performance Boost Debug Log field (bsc#1161297).



Non-security issues fixed:

- Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec (boo#1101024).
- Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139).

Family: unix
Class: patch
Status:
Reference(s):
1082318
1101024
1101139
1122242
1122243
1122244
1122245
1122535
1158990
1158992
1161297
1163749
CVE-2009-4112
CVE-2018-20723
CVE-2018-20724
CVE-2018-20725
CVE-2018-20726
CVE-2019-16723
CVE-2019-17357
CVE-2019-17358
CVE-2020-7106
CVE-2020-7237
openSUSE-SU-2020:0272-1
Platform(s): openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • cacti-1.2.9-lp151.3.3.1 is installed
  • OR cacti-spine-1.2.9-lp151.3.3.1 is installed