Bugzilla – Bug 958977
VUL-0: CVE-2015-8377: cacti: SQL injection in graphs_new.php
Last modified: 2018-08-03 22:12:33 UTC
rh#1291222

An SQL injection was found in /cacti/graphs_new.php, affected versions 0.8.8f and older.

Vulnerable code with reproducer can be found here:
http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1291222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8377
bugbot adjusting priority
Patch available for bug 958977 and bug 958978: http://svn.cacti.net/viewvc?view=rev&revision=7772 Please submit.
Looks like cacti does not have a clear primary bugowner. I am taking bug 958863, bug 958977, bug 958977 and will submit unless someone else takes them and beats me to it.

https://build.opensuse.org/request/show/358606
https://build.opensuse.org/request/show/358610
https://build.opensuse.org/request/show/358614
https://build.opensuse.org/request/show/358612

This is an autogenerated message for OBS integration:
This bug (958977) was mentioned in
https://build.opensuse.org/request/show/358753 42.1 / cacti-spine+cacti
https://build.opensuse.org/request/show/358754 13.2 / cacti-spine+cacti
https://build.opensuse.org/request/show/358755 13.1 / cacti
all submitted, updates running
Release updates
openSUSE-SU-2016:0437-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 958863,958977,960678,965864,965930
CVE References: CVE-2015-8369,CVE-2015-8377,CVE-2015-8604,CVE-2016-2313
Sources used:
openSUSE 13.2 (src): cacti-0.8.8f-4.13.1, cacti-spine-0.8.8f-4.3.1

openSUSE-SU-2016:0438-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 958863,958977,960678,965930
CVE References: CVE-2015-8369,CVE-2015-8377,CVE-2015-8604,CVE-2016-2313
Sources used:
openSUSE Leap 42.1 (src): cacti-0.8.8f-8.1, cacti-spine-0.8.8f-5.1

openSUSE-SU-2016:0440-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 958863,958977,960678,965864,965930
CVE References: CVE-2015-8369,CVE-2015-8377,CVE-2015-8604,CVE-2016-2313
Sources used:
openSUSE 13.1 (src): cacti-0.8.8f-17.1

This is an autogenerated message for OBS integration:
This bug (958977) was mentioned in
https://build.opensuse.org/request/show/625957 Backports:SLE-12 / cacti

openSUSE-OU-2018:2194-1: An update that fixes 33 vulnerabilities is now available.
Category: optional (low)
Bug References: 022564,1047512,1048102,1050950,1051633,1054390,1054742,1067163,1067164,1067166,1068028,1101024,1101139,837440,862993,867607,870821,872008,934187,937997,958863,958977,960678,965930,971357,974013
CVE References: CVE-2006-6799,CVE-2007-3112,CVE-2007-3113,CVE-2013-5588,CVE-2013-5589,CVE-2014-2326,CVE-2014-2327,CVE-2014-2328,CVE-2014-2708,CVE-2014-2709,CVE-2014-4000,CVE-2014-4002,CVE-2014-5025,CVE-2014-5026,CVE-2015-4342,CVE-2015-4634,CVE-2015-8369,CVE-2015-8377,CVE-2015-8604,CVE-2016-2313,CVE-2016-3172,CVE-2016-3659,CVE-2017-10970,CVE-2017-11163,CVE-2017-11691,CVE-2017-12065,CVE-2017-12927,CVE-2017-12978,CVE-2017-15194,CVE-2017-16641,CVE-2017-16660,CVE-2017-16661,CVE-2017-16785
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src): cacti-1.1.38-2.1