{"affected":[{"ecosystem_specific":{"binaries":[{"cacti":"1.2.26-bp155.2.6.1","cacti-spine":"1.2.26-bp155.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"cacti","purl":"pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.26-bp155.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.26-bp155.2.6.1","cacti-spine":"1.2.26-bp155.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"cacti-spine","purl":"pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.26-bp155.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.26-bp155.2.6.1","cacti-spine":"1.2.26-bp155.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"cacti","purl":"pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.26-bp155.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.26-bp155.2.6.1","cacti-spine":"1.2.26-bp155.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"cacti-spine","purl":"pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.26-bp155.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.26-bp155.2.6.1","cacti-spine":"1.2.26-bp155.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"cacti","purl":"pkg:rpm/opensuse/cacti&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.26-bp155.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.26-bp155.2.6.1","cacti-spine":"1.2.26-bp155.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"cacti-spine","purl":"pkg:rpm/opensuse/cacti-spine&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.26-bp155.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cacti, cacti-spine fixes the following issues:\n\ncacti-spine 1.2.26:\n\n* Fix: Errors when uptime OID is not present\n* Fix: MySQL reconnect option is depreciated\n* Fix: Spine does not check a host with no poller items\n* Fix: Poller may report the wrong number of devices polled\n* Feature: Allow users to override the threads setting at the command line\n* Feature: Allow spine to run in ping-only mode\n\ncacti 1.2.26:\n\n* CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380)\n* CVE-2023-49084: RCE vulnerability when managing links (boo#1218360)\n* CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378)\n* CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366)\n* CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379)\n* CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381)\n* When viewing data sources, an undefined variable error may be seen\n* Improvements for Poller Last Run Date\n* Attempting to edit a Data Query that does not exist throws warnings and not an GUI error\n* Improve PHP 8.1 support when adding devices\n* Viewing Data Query Cache can cause errors to be logged\n* Preserve option is not properly honoured when removing devices at command line\n* Infinite recursion is possible during a database failure\n* Monitoring Host CPU's does not always work on Windows endpoints\n* Multi select drop down list box not rendered correctly in Chrome and Edge\n* Selective Plugin Debugging may not always work as intended\n* During upgrades, Plugins may be falsely reported as incompatible\n* Plugin management at command line does not work with multiple plugins\n* Improve PHP 8.1 support for incrementing only numbers\n* Allow the renaming of guest and template accounts\n* DS Stats issues warnings when the RRDfile has not been initialized\n* When upgrading, missing data source profile can cause errors to be logged\n* When deleting a single Data Source, purge historical debug data\n* Improvements to form element warnings\n* Some interface aliases do not appear correctly\n* Aggregate graph does not show other percentiles\n* Settings table updates for large values reverted by database repair\n* When obtaining graph records, error messages may be recorded\n* Unable to change a device's community at command line\n* Increase timeout for RRDChecker\n* When viewing a graph, option to edit template may lead to incorrect URL\n* When upgrading, failures may occur due to missing color table keys\n* On installation, allow a more appropriate template to be used as the default\n* When data input parameters are allowed to be null, allow null\n* CSV Exports may not always output data correctly\n* When debugging a graph, long CDEF's can cause undesirable scrolling\n* Secondary LDAP server not evaluated when the first one has failed\n* When adding a device, using the bulk walk option can make version information appear\n* When parsing a Data Query resource, an error can be reported if no direction is specified\n* Database reconnection can cause errors to be reported incorrectly\n* fix returned value if $sau is empty\n* Add Aruba switch, Aruba controller and HPE iLO templates\n* Add OSCX 6x00 templates\n","id":"openSUSE-SU-2024:0031-1","modified":"2024-01-24T12:47:05Z","published":"2024-01-24T12:47:05Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IZJKJNYP7JFJ3XMRIGZT22J5DIAVPSY7/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218360"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218366"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218378"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218379"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218380"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218381"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49084"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49085"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49086"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49088"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-50250"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51448"}],"related":["CVE-2023-49084","CVE-2023-49085","CVE-2023-49086","CVE-2023-49088","CVE-2023-50250","CVE-2023-51448"],"summary":"Security update for cacti, cacti-spine","upstream":["CVE-2023-49084","CVE-2023-49085","CVE-2023-49086","CVE-2023-49088","CVE-2023-50250","CVE-2023-51448"]}