Debian Security Advisory 3494-1

Debian Security Advisory 3494-1: Posted Feb 29, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3494-1 - Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database.; tags | advisory, web, arbitrary, php, vulnerability, sql injection; systems | linux, debian; advisories | CVE-2015-8377, CVE-2015-8604; SHA-256 | 97808cf3529875d4bcd54cfdad0de8a01c508d89587d889ac02eab545d374b0b; Download | Favorite | View

Debian Security Advisory 3494-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3494-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 27, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cacti
CVE ID         : CVE-2015-8377 CVE-2015-8604

Two SQL injection vulnerabilities were discovered in cacti, a web
interface for graphing of monitoring systems. Specially crafted input
can be used by an attacker in parameters of the graphs_new.php script to
execute arbitrary SQL commands on the database.

For the oldstable distribution (wheezy), these problems have been fixed
in version 0.8.8a+dfsg-5+deb7u8.

For the stable distribution (jessie), these problems have been fixed in
version 0.8.8b+dfsg-8+deb8u4.

For the testing distribution (stretch), these problems have been fixed
in version 0.8.8f+ds1-4.

For the unstable distribution (sid), these problems have been fixed in
version 0.8.8f+ds1-4.

We recommend that you upgrade your cacti packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW0gMiAAoJEAVMuPMTQ89EUH8P/jjJHsExGGZvKbCUTjT6Znlx
htEfTX86HHkC0KRhS5jj3zMQjxUc7sqSa0SmZHw6U1RaRu0LzAKcpRgwHmk5OcnY
XJQ22fJfPEhkeNevz49NJSrqRww9/qj0GOEKF3tcStC0CuIo9gi5FA6Knnh7s2UQ
QoGqD4r0l8pGwR/z07ewJ1L+G++pefd1t276r1Abc5LD47QrSAeGyfREQ64XPrtJ
CPGjSBd0XIRaEIS3zyJlKEGcyYCSbJTcn77dVz2iamJ6BnT/7ckwEFlkOuzx8wmy
8vTNntvb0hEw0IPI5N8B6TtB/Uwnwv/ZI0zqnTMkYKfotaVON265wwXskyJi6b9x
1htdkNrgITGke0+468W4XcE3MGSQNaDMlvo0JEXu5hOCCPBRADktBlBMDEz7D7i7
cyAQzhtavKIPVwXe6dsKrdFdJ3sVOHhIXuNTRMse5ms2ZezpkktvkVgHj5EHJMm+
BsiyVeDRmCdciZ8lezmCDY+9YCnbig7cCffzPvibrEX10A7zAkOBF35LbWfMDkQF
5I607UFQmogrZc0ZoQS5cI42XGvFuCs2+hoQRWoWnfLfADLcT1zwLO4pNGjINI2B
b4Lg7f2dI/NqGClx1g5Q4sESKjQ0vE45I250to1O90i4Fqt4IgWaR11HJ54NbMHz
sgT7GPOUT0Na943w9E/v
=oSWy
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3494-1

Debian Security Advisory 3494-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3494-1

Share This

Debian Security Advisory 3494-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems