|
|
Subscribe / Log in / New account

Debian alert DLA-4048-1 (cacti)



From:
              rouca@debian.org


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4048-1] cacti security update


Date:
              Tue, 11 Feb 2025 17:20:12 +0000


Message-ID:
              <6e6f3ab0f3290eaab8a079013e583e6c@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4048-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
February 10, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cacti
Version        : 1.2.16+ds1-2+deb11u5
CVE ID         : CVE-2024-43362 CVE-2024-43363 CVE-2024-43364 CVE-2024-43365 
                 CVE-2024-45598 CVE-2024-47875 CVE-2024-48910 CVE-2024-54145 
                 CVE-2025-22604 CVE-2025-24367 CVE-2025-24368


Multiple security vulnerabilities have been discovered in Cacti, a web
interface for graphing of monitoring systems, which could result in
cross-site scripting, SQL injection, or command injection.

For Debian 11 bullseye, these problems have been fixed in version
1.2.16+ds1-2+deb11u5.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cacti

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmerhssACgkQADoaLapB
CF+0xQ/+LLyY3yMWDFqAYufwUoe5hYCiyoEVPFIjWxiG4FUIFs3fqZQLD+1I/1mR
a/0Oi5hdTRqjrG3q7HZ7SUcxbYKymV62/PtJXEZrZb2i/NkF+U9xm2sy+AM1zOHe
KZu2hk3bB5BscSbQVNBPKoaM8HSadP1iRNYbWQWBJ2i4io0iP/tNAtng1485wJcr
s1O1dhhsI7aLDT7XESzvcOetLJzrI6f1GMoBu1qBiVJkXn203STO0pfdywncPfPm
aeYiRRhykYt3+YYljy1P5HQDWbyBgRYhTthD5PIW+//PsmMjahXefyXlKI0GqdGd
UpHd+rH7pLmrznwFUUBUw2hf3XLUgsYXSQVflxgHFCxTr5wvYxWgrBcT8bQYzysA
cHpRmoYgOKokI9GDRbrstgpAfiQISzBB4wAyh93SOeMc9RiFERV74h0rEq1Ybdp7
Mr/q8UoaG7VGeHO77+9DbbjwpAcX5pe4aoesP11k7utpcjJq6EPYfqWZdBXs8KBk
hui+Vgj4w8CjX/5CL4AxfsgkcNWiphI2+Z8lmIiMCJchqUxmeVviY6ZbgYdwB3jY
Igs1mKmXT3Au2o7xDdQ6qLxoLEnVpi6KcbMKyCwMrm/VDQv6A1SPYR32SbYZUtuT
Y2yYXdXIwJwqk0vUwNyBpXh7crhFBqYf1D0uS72hLlnrkpZSaxo=
=ycHd
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds