-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5298-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cacti CVE ID : CVE-2022-0730 CVE-2022-46169 Debian Bug : 1008693 1025648 Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass. For the stable distribution (bullseye), these problems have been fixed in version 1.2.16+ds1-2+deb11u1. We recommend that you upgrade your cacti packages. For the detailed security status of cacti please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cacti Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOTiuUACgkQEMKTtsN8 TjZelw/+IK8TVgkeBtodhDZpUpUlrBmGTZy/GQAGhCL7l5tVyDyrUySYlZWQg8db KHJHTGBIxSmsqkK923y/ddZApQreteoAIPyY5VVZ8EmSa7k+tzIvEUkJKlqDEnBl avQth37WaDsB4OYRW+bWMnCrvMhBzMIuuJOIdPAA5nNyhSgGiwxjbrMtInXFavd9 k+WO3FMoxD5Jdzc3BvFLH+NJJl4KP/E96WaHenOYonTkpu1ATEo2uqCA0jdWC1dW PtieLAvZvOKR9a8eieWLoKHn5GK9tsYN1VEqwPGdqLHe6vOmreUEqtnq86uNZ1Rh Ytv2uGWdRVs6jCUKUM8yM5qTBXHLqpaDVoOfHfRhQEI2anZlcFNuXXv3yEHOpWza nTlC7ncAbCF8kC0gzQ0nhb0AWehIwNsslxre8++FVjLlPHoppaaUlgwt3NFkq9IT s9MVohvp1RunSUig9/8Z9Im6U1o51rbbSWSjOGyFSNjljcoHJ1WOoVit/PIAyhIh U1gaUV2hqIc+owaWo+LV/zSC9Myv3IxhUGoryuozM+z2krXk+ywzMcVR3kWXyY2q qMmHRkljnYknchoSDJd0bthwQ5t0daGnzLoqeql8hwOveN7hVIDg5SCOnybgesjV QN9x8leb9OifmVOA7Gj3sYP9Czmh1kWqvNwM2KROo8tyDszsl78= =mHv/ -----END PGP SIGNATURE-----