Security update for cacti, cacti-spine

This update for cacti, cacti-spine to version 1.1.28 fixes the following issues:

- CVE-2017-16641: Potential code execution vulnerability in RRDtool functions (boo#1067166)
- CVE-2017-16660: Remote execution vulnerability in logging function (boo#1067164)
- CVE-2017-16661: Arbitrary file read vulnerability in view log file (boo#1067163)
- CVE-2017-16785: Reflection XSS vulnerability (boo#1068028)

This update to version 1.1.28 also contains a number of upstream bug fixes and improvements.

Fixed bugs
bnc#1067166
VUL-0: CVE-2017-16641: cacti: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands
bnc#1067164
VUL-0: CVE-2017-16660: cacti: Cacti 1.1.27 allows remote authenticated administrators to conduct Remote CodeExecution attacks
bnc#1068028
VUL-0: CVE-2017-16785: Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
bnc#1067163
VUL-0: CVE-2017-16661: cacti: Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files
Selected Binaries
openSUSE Build Service is sponsored by