
Fedora alert FEDORA-2008-1737 (cacti)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 7 Update: cacti-0.8.7b-1.fc7
Date:  Fri, 15 Feb 2008 19:14:24 -0700
Message-ID:  <200802160214.m1G2ENbA028131@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-1737
2008-02-15 21:20:05
--------------------------------------------------------------------------------

Name        : cacti
Product     : Fedora 7
Version     : 0.8.7b
Release     : 1.fc7
URL         : http://www.cacti.net/
Summary     : An rrd based graphing tool
Description :
Cacti is a complete frontend to RRDTool. It stores all of the necessary
information to create graphs and populate them with data in a MySQL
database. The frontend is completely PHP driven. Along with being able
to maintain graphs, data sources, and round robin archives in a
database, Cacti also handles the data gathering. There is SNMP support
for those used to creating traffic graphs with MRTG.

--------------------------------------------------------------------------------
Update Information:

* XSS vulnerabilities
* Path disclosure vulnerabilities
* SQL injection vulnerabilities
* HTTP response splitting vulnerabilities

bug#0000855: Unnecessary (and faulty) DEF generation for CF:AVERAGE
bug#0001083: Small visual fix for Cacti in "View Cacti Log File"
bug#0001089: Graph xport modification to increase default rows output
bug#0001091: Poller incorrectly identifies unique hosts
bug#0001093: CLI Scripts bring MySQL down on large installations
bug#0001094: Filtering broken on Data Sources page
bug#0001103: Fix looping poller recache events
bug#0001107: ss_fping.php 100% "Pkt Loss" does not work properly
bug#0001114: Graphs with no template and/or no host cause filtering errors on Graph Management page
bug#0001115: View Poller Cache does not show Data Sources that have no host
bug#0001118: Graph Generation fails if e.g. ifDescr contains some blanks
bug#0001132: TCP/UDP ping port ignored
bug#0001133: Downed Device Detection: None leads to database errors
bug#0001134: update_host_status handles ping_availability incorrectly
bug#0001143: "U" not allowed as min/max RRD value
bug#0001158: Deleted user causes error on user log viewer
bug#0001161: Re-assign duplicate radio button IDs
bug#0001164: Add HTML title attributes for certain pages
bug#0001168: ALL_DATA_SOURCES_NODUPS includes DUPs? SIMILAR_DATA_SOURCES_DUPS is available again
bug: Cacti does not guarantee RRA consolidation functions exist in RRA's
bug: Alert on changing logarithmic scaling removed
bug: add_hosts.php did not accept privacy protocol
security: Fix several security vulnerabilities
feature: show basic RRDtool graph options on Graph Template edit
feature: Add additional logging to Graph Xport
feature: Add rows dropdown to devices, graphs and data sources
feature: Add device_id and event count to devices
feature: Add ids to devices, graphs and data sources pages
feature: Add database repair utility

--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 14 2008 Mike McGrath <mmcgrath@redhat.com> - 0.8.7b-1
- Upstream released new version
* Fri Nov 23 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-2
- db.php is now 640 instead of 660 - #396331
* Tue Nov 20 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7a-1
- Upstream released new version
- Fixes for bug #391691 - CVE-2007-6035
* Sat Oct 13 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.7-2
- Upstream released new version
- No longer need to patch for /etc/cacti/*
* Fri Sep 14 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.6j-8
- Fix for CVE-2007-3112 bz#243592
* Sat Sep 8 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.6j-6
- rebuild

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #432758 - cacti lacks input sanitization in various places
        https://bugzilla.redhat.com/show_bug.cgi?id=432758

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update cacti'
at the command line. For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys

--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...



Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds