Support / Security / Advisories / Corporate Server 4.0 / MDVSA-2008:052

Package name: cacti
Date: 2008-02-27
Advisory ID: MDVSA-2008:052
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

A number of vulnerabilities were found in the Cacti program, including
XSS vulnerabilities, SQL injection vulnerabilities, CRLF injection
vulnerabilities, and information disclosure vulnerabilities.

This update provides Cacti 0.8.6k which corrects these issues.

Updated packages

CS4.0 x86_64

 30aedd43c1df197e74085d8741d3af5b  corporate/4.0/x86_64/cacti-0.8.6k-0.0.20060mlcs4.noarch.rpm 
 662fc62ff87a7fe6620a50aaca25b162  corporate/4.0/SRPMS/cacti-0.8.6k-0.0.20060mlcs4.src.rpm

CS4.0 i586

 65edabbdda4368515b5746d87bdaf63c  corporate/4.0/i586/cacti-0.8.6k-0.0.20060mlcs4.noarch.rpm 
 662fc62ff87a7fe6620a50aaca25b162  corporate/4.0/SRPMS/cacti-0.8.6k-0.0.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0786