Debian Security Advisory
DLA-40-1 cacti -- LTS security update
- Date Reported:
- 22 Aug 2014
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 755032.
In Mitre's CVE dictionary: CVE-2014-5025, CVE-2014-5026, CVE-2014-5261, CVE-2014-5262.
- More information:
Multiple security issues (cross-site scripting, missing input sanitizing and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.
Furthermore, the fix for CVE-2014-4002 in the previous security update has been brought in-line with the upstream fix as it caused a regression for people using the plug-in system.
For Debian 6
Squeeze, these issues have been fixed in cacti version 0.8.7g-1+squeeze5