Debian Security Advisory

DLA-40-1 cacti -- LTS security update

Date Reported:
22 Aug 2014
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 755032.
In Mitre's CVE dictionary: CVE-2014-5025, CVE-2014-5026, CVE-2014-5261, CVE-2014-5262.
More information:

Multiple security issues (cross-site scripting, missing input sanitizing and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

Furthermore, the fix for CVE-2014-4002 in the previous security update has been brought in-line with the upstream fix as it caused a regression for people using the plug-in system.

For Debian 6 Squeeze, these issues have been fixed in cacti version 0.8.7g-1+squeeze5