Security Information / 2022 / Security Information -- DSA-5298-1 cacti

Debian Security Advisory

DSA-5298-1 cacti -- security update

Date Reported:

09 Dec 2022

Affected Packages:

cacti

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 1008693, Bug 1025648.
In Mitre's CVE dictionary: CVE-2022-0730, CVE-2022-46169.

More information:

Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass.

For the stable distribution (bullseye), these problems have been fixed in version 1.2.16+ds1-2+deb11u1.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cacti