Summary: | <net-analyzer/cacti-0.8.8d: SQL Injection and Location header injection from cdef id (CVE-2015-{2665,4342,4454}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1230295 | ||
Whiteboard: | B4 [noglsa/cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 552030 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-06-11 07:32:23 UTC
Arch teams, please test and mark stable:
=net-analyzer/cacti-0.8.8d
Targeted stable KEYWORDS : alpha amd64 hppa ppc ppc64 sparc x86
=net-analyzer/cacti-spine-0.8.8d
Targeted stable KEYWORDS : amd64 x86

Second try:
Arch teams, please test and mark stable:
=net-analyzer/cacti-0.8.8d
Targeted stable KEYWORDS : alpha amd64 hppa sparc x86
=net-analyzer/cacti-spine-0.8.8d
Targeted stable KEYWORDS : amd64 x86

amd64 stable

x86 stable

(In reply to Agostino Sarubbo from comment #3)
> amd64 stable

No.

(In reply to Agostino Sarubbo from comment #4)
> x86 stable

No.

I guess I rushed cacti-spine there. More changes were needed:

Arch teams, please test and mark stable:
=net-analyzer/cacti-0.8.8d
Targeted stable KEYWORDS : alpha amd64 hppa sparc x86
=net-analyzer/cacti-spine-0.8.8d-r1
Targeted stable KEYWORDS : amd64 x86

(In reply to Jeroen Roovers from comment #5)
> (In reply to Agostino Sarubbo from comment #3)
> > amd64 stable
>
> No.
>
> (In reply to Agostino Sarubbo from comment #4)
> > x86 stable
>
> No.

Sorry, I missed cacti-spine. It is now stable for amd64 and x86.

Stable for HPPA.

sparc stable

CVE-2015-4454 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4454):
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.

CVE-2015-4342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4342):
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

CVE-2015-2665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2665):
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

alpha stable

Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No

GLSA Vote: No