cacti: security fixes; cacti-spine: update to 0.8.8b
cacti was patched to fix several security issues:
* CVE-2013-5588: XSS injection vulnerability
* CVE-2013-5589: SQL injection vulnerability
* CVE-2014-2326: XSS injection vulnerability
* CVE-2014-2328: Remote Command Execution Vulnerability
* CVE-2014-2708: SQL Injection Vulnerability
* CVE-2014-2709: Remote Command Execution Vulnerability
cacti-spine was updated to 0.8.8b to fix the following issue:
* bug: set appropriate mysql 5.5+ timeouts
- Submitted by Aeneas Jaißle (aeneas_jaissle)
Fixed bugs
bnc#870821
VUL-0: CVE-2014-2326: cacti: xss attacjs ub 0.8.7g
bnc#872008
VUL-0: CVE-2014-2708, CVE-2014-2709: cacti: command injection issues
bnc#837440
VUL-0: CVE-2013-5588 CVE-2013-5589: cacti: XSS and SQL injection vulnerabilities