[SECURITY] [DLA 560-1] cacti security update
Package        : cacti
Version        : 0.8.8a+dfsg-5+deb7u9
CVE ID         : CVE-2016-2313 CVE-2016-3172 CVE-2016-3659

Three security issues have been found in cacti:

CVE-2016-2313

    auth_login.php allows remote authenticated users who use web
    authentication to bypass intended access restrictions by logging in
    as a user not in the cacti database.

CVE-2016-3172

    An SQL injection vulnerability in tree.php allows remote authenticated
    users to execute arbitrary SQL commands via the parent_id parameter in
    an item_edit action.

CVE-2016-3659

    An SQL injection vulnerability in graph_view.php allows remote
    authenticated users to execute arbitrary SQL commands via the
    host_group_data parameter.

For Debian 7 "Wheezy", these problems have been fixed in version
0.8.8a+dfsg-5+deb7u9.

We recommend that you upgrade your cacti packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS