Debian Security Advisory
DSA-2739-1 cacti -- several vulnerabilities
- Date Reported:
- 21 Aug 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-1434, CVE-2013-1435.
- More information:
Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems.
For the oldstable distribution (squeeze), these problems have been fixed in version 0.8.7g-1+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 0.8.8b+dfsg-2.
We recommend that you upgrade your cacti packages.