Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-12
patchinfo.17465
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.17465
<patchinfo incident="17465"> <issue tracker="cve" id="2022-0730"/> <issue tracker="bnc" id="1192408">VUL-0: cacti: multiple XSS fixes related to grave character "`"</issue> <issue tracker="bnc" id="1196692">VUL-0: CVE-2022-0730: cacti: Authentication bypass under certain LDAP server environments</issue> <packager>AndreasStieger</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for cacti, cacti-spine</summary> <description>This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to 1.2.20: * Add support for newer versions of MySQL/MariaDB * When checking for uptime of device, don't assume a non-response is always fatal * Fix description and command trunctation issues * Improve spine performance when only one snmp agent port is in use cacti-spine 1.2.19: * Fix 1ssues with polling loop may skip some datasources * Fix ping no longer works due to hostname changes * Fix RRD steps are not always calculated correctly * Fix unable to build when DES no longer supported * Fix IPv6 devices are not properly parsed * Reduce a number of compiler warnings * Fix compiler warnings due to lack of return in thread_mutex_trylock * Fix Spine will not look at non-timetics uptime when sysUpTimeInstance overflows * Improve performance of Cacti poller on heavily loaded systems cacti-spine 1.2.20: * Add support for newer versions of MySQL/MariaDB * When checking for uptime of device, don't assume a non-response is always fatal * Fix description and command trunctation issues * Improve spine performance when only one snmp agent port is in use cacti was updated to 1.2.20: * Security fix for CVE-2022-0730, boo#1196692 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. * Security fix: Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues * Security fix: Lockout policies are not properly applied to LDAP and Domain Users * Security fix: When using 'remember me' option, incorrect realm may be selected * Security fix: User and Group maintenance are vulnerable to SQL attacks * Security fix: Color Templates are vulnerable to XSS attack * Features: * When creating a Data Source Profile, allow additional choices for Heartbeat * Change select all options to use Font Awesome icons * Improve spine performance by storing the total number of system snmp_ports in use * Prevent Template User Accounts from being Removed * When managing by users, allow filtering by Realm * Allow plugins to supply template account names * When viewing logs, additional message types should be filterable * When creating a Graph Template Item, allow filtering by Data Template * Allow language handler to be selected via UI * Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco * Add Advanced Ping Graph Template to initial Installable templates * Add LDAP Debug Mode option * Allow Reports to include devices not on a Tree * Allow Basic Authentication to display custom failure message * Fix: When replicating data during installation/upgrade, system may appear to hang * Fix: Graph Template Items may have duplicated entries * Fix: Unable to Save Graph Settings * Fix: Script Server may crash if an OID is missing or unavailable * Fix: When system-wide polling is disabled, remote pollers may fail to sync changed settings * Fix: When updating poller name, duplicate name protection may be over zealous * Fix: Titles may show "Missing Datasource" incorectly * Fix: Checking for MIB Cache can cause crashes * Fix: Polling cycles may not always complete as expected * Fix: When viewing graph data, non-numeric values may appear * Fix: Utilities view has calculation errors when there are no data sources * Fix: When editing Reports, drag and drop may not function as intended * Fix: When data drive is full, viewing a Graph can result in errors * Various other bug fixes cacti 1.2.19: * Further fixes for grave character security protection (boo#1192408) * Fix Over aggressive escaping causing menu visibility issues on Create Device page * Add SHA256 and AES256 security levels for SNMP polling * Import graph template(Preview Only) show color_id new value as a blank area * Fix Editing graphs errors due to missing sequence * Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen * Fix 2hen RealTime is not active, console errors may appear * Fix race conditions may occur when multiple RRDtool processes are running * Fix errors creating graphs from templates * Fix errors when duplicating reports * Fix Boost may be blocked by overflowing poller_output table * Fix Template import may be blocked due to unmet dependency warnings with snmp ports * Fix Newer MySQL versions may error if committing a transaction when not in one * Fix SNMP Agent may not find a cache item * Fix Correct issues running under PHP 8.x * Fix When polling is disabled, boost may crash and creates many arch tables * Fix When poller runs, memory tables may not always be present * Fix Timezones may sometimes be incorrectly calculated * Fix Allow monitoring IPv6 with interface graphs * Fix When a data source uses a Data Input Method, those without a mapping should be flagged * Fix When RRDfile is not yet created, errors may appear when displaying the graph * Fix Cacti missing key indexes that result in Preset pages slowdowns * Fix Data Sources page shows no name when Data Source has no name cache * Fix db_update_table function can not alter table from signed to unsigned * Fix data remains in poller_output table even if it's flushed to rrd files * Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places * Fix Offset is a reserved word in MariaDB 10.6 affecting Report * Fix Rendering large trees slowed due to lack of permission caching * Fix Error on interpretation of snmpUtime, when to big * Fix Applying right axis formatting creates an error-image * Fix Unable to Save Graph Settings from the Graphs pages * Fix Graph Template Cache is nullified too often when Graph Automation is running * Fix When Adding a Data Query to a Device, no Progress Spinner is shown * Fix New Browser Breaks Plugins that depend on non UTC date time data * Fix errors when testing remote poller connectivity * Fix errors when renaming poller * Fix Removing spikes by Variance does not appear to be working beyond the first RRA * Fix LDAP API lacks timeout options leading to bad login experiences * Add a normal/wrap class for general use * Limit File Types available for Template Import operations * Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication * Support Stronger Encryption Available Starting in Net-SNMP v5.8 * Allow Cacti to use multiple possible LDAP servers * Add a 15 minute polling/sampling interval * Provide additional admin email notifications * Add warnings for undesired changes to plugin hook return values * When creating a Graph, make testing the Data Sources optional by Template * Update phpseclib to 2.0.33 * Update jstree.js to 3.3.12 * Improve performance of Cacti poller on heavily loaded systems * MariaDB recommendations need some tuning for recent updates </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor