cacti 1.1.27+ds1-3 source package in Ubuntu

Changelog

cacti (1.1.27+ds1-3) unstable; urgency=medium

  * CVE-2017-16641: remote authenticated administrators can execute
    arbitrary OS commands via the path_rrdtool parameter in an action=save
    request to settings.php (Closes: #881110)
  * CVE-2017-16660: remote authenticated administrators can conduct Remote
    Code Execution attacks by placing the Log Path under the web root, and
    then making a remote_agent.php request containing PHP code in a
    Client-ip header
  * CVE-2017-16661: remote authenticated administrators can read arbitrary
    files accessible by the web-server user by placing the Log Path into a
    private directory, and then making a clog.php?filename= request
  * CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
    (reintroduction of CVE-2017-15194)
  * Bump standards to 4.1.1
  * Set Priority to optional

 -- Paul Gevers <email address hidden>  Tue, 14 Nov 2017 20:14:34 +0100

Upload details

Uploaded by: Cacti Maintainer
Uploaded to: Sid
Original maintainer: Cacti Maintainer
Architectures: all
Section: web
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
cacti_1.1.27+ds1-3.dsc 2.1 KiB 9d77784c2545398d29f325c99764b1aebeb8966bb7d12e5c0dda78e7673306f3
cacti_1.1.27+ds1.orig-docs-source.tar.xz 65.3 KiB 30931fb415c746524db2d752f8be47f568f7f4dc3ba0cc0a3f184c3951b337e9
cacti_1.1.27+ds1.orig.tar.gz 3.7 MiB 315f82916d675d9ee192800fb2066c593ee520c220cf8049c4b95812bd29333e
cacti_1.1.27+ds1-3.debian.tar.xz 54.8 KiB 519db95eb5fd254f309faad31aaeb2d79fa1b2bbe8a8c604aa8b8fdcc7203f44

Available diffs

No changes file available.

Binary packages built by this source

cacti: web interface for graphing of monitoring systems

 Cacti is a complete PHP-driven front-end for RRDTool. It stores all of
 the necessary data source information to create graphs, handles the data
 gathering, and populates the MySQL database with round-robin archives.
 It also includes SNMP support for those used to creating traffic graphs
 with MRTG.

 This package requires a functional MySQL database server on either the
 installation host or a remotely accessible system.