Security update for cacti, cacti-spine
This update for cacti and cacti-spine fixes security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2017-12927: Cross-site scripting vulnerability in methodparameter (bsc#1054390)
* CVE-2017-12978:Cross-site scripting vulnerability via the title field (bsc#1054742)
It also contains all upstream bug fixes and improvements in the 1.1.18 release:
* Sort devices by polling time to allow long running d
* Allow user to hide Graphs from disabled Devices
* Create a separate Realm for Realtime Graphs
* Fix various JavaScript errors
* updated translations
* Can now export Device table results to CSV
* Allow Log Rotation to be other than Daily, and other log rotation improvements
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1054742
VUL-0: CVE-2017-12978: cacti: lib/html.php in Cacti before 1.1.18 has XSS via the title field of anexternal link added by an authenticated user.
bnc#1054390
VUL-0: CVE-2017-12927: cacti: XSS in methodparameter in spikekill.php.
