Debian Security Advisory

DLA-40-1 cacti -- LTS security update

Date Reported: 22 Aug 2014
Affected Packages: cacti
Vulnerable: Yes
Security database references:
In the Debian bugtracking system: Bug 755032.
In Mitre's CVE dictionary: CVE-2014-5025, CVE-2014-5026, CVE-2014-5261, CVE-2014-5262.
More information:

Multiple security issues (cross-site scripting, missing input sanitization and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

Furthermore, the fix for CVE-2014-4002 in the previous security update has been brought in line with the upstream fix, as the earlier fix caused a regression for people using the plug-in system.

For Debian 6 Squeeze, these issues have been fixed in cacti version 0.8.7g-1+squeeze5.