Debian alert DLA-2032-1 (cacti)

From:
             
 
"Chris Lamb" <lamby@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2032-1] cacti security update 
Date:
             
 
Wed, 11 Dec 2019 11:51:25 +0000
Message-ID:
             
 
<7cedf30e-92de-408f-a030-be32f3f58ad4@sloti26t01>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : cacti
Version        : 0.8.8b+dfsg-8+deb8u8
CVE ID         : CVE-2019-17358

It was discovered that there was unsafe deserialisation issue in
cacti, server monitoring system system.

Unsafe deserialisation of objects which can lead to abuse of the
application logic, deny service or even execute arbitrary code.

For Debian 8 "Jessie", this issue has been fixed in cacti version
0.8.8b+dfsg-8+deb8u8.

We recommend that you upgrade your cacti packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl3w18gACgkQHpU+J9Qx
HlhFoxAAkmUfpe1+xTnnxEVOecVcQRjh8EsP+ntTp3io8C6KHlBy7A5GC81hnWK+
b7Vp3qKCSrkJgJdh/kgySChCZobmrzyAC+g+fALWWU/7doiXLgUzm1y3AD7nVvKn
yp+qt5UXz3B9dqcUUJpb7nJqeJusM4KLl40gdKuSyD+cdlX+lXTo5J1Ar854ONuP
MsRDD5dMFZsoWtrr4aoUmPG2GvZSNR4qa+hao5nxGl9egFUuSJd6PJGJ1cvMiP5c
ks5Xg0qtAIKuva8R0pIKVfZuxR0S4rvOT9zsZCHkbox4hGedK/gisOoUHj2aD/VB
RkZR9maUCfCf8cGz4pgw3uH+28wmMz//YxcNLmX+/cj/NiC7vj7FhGDwwjF5fgyx
bMPPt1q1SD3jM6Z0V6o5czmew2e3c2cPnSBbZKwrwTNMv/T36LEmkMn6AFmGK+52
j3zQlZjWE5Q4uUxgV+iVT2150MhLo/TuwvHqtxvGN+k2JcLpPSDyIeN9fHNvOSx5
+7ZPEiBaCSXw/PFxM3asQbd1xrta1L6XGfnTPJmndOr3TNoQ1RlvjAYLtejm/xX6
H99Wvwc6mz9KZ+su8TNnDfJHzWfLBIAkf4YNG+T4x2XzJ7ahOZVpJzVGWpZnbjy8
JNNqsouGyxF14SO8/ukfWdLLSqLFtvER6yMZw/TaPCwDKygU8vs=
=xNy3
-----END PGP SIGNATURE-----