MDVSA-2012:010
- Package name
- cacti
- Date
- 2012-01-20
- Advisory ID
- MDVSA-2012:010
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
Multiple vulnerabilities has been found and corrected in cacti:
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
allows remote attackers to execute arbitrary SQL commands via the
login_username parameter (CVE-2011-4824).
Various vulnerabilities were discovered and fixed in the 0.8.7i version
(cacti bug 2062).
The updated packages provides the latest 0.8.7i version which are
not affected by these issues.
Updated packages
MES5 i586
b716c02b3f218644b99af035e22efd96 mes5/i586/cacti-0.8.7i-0.1mdvmes5.2.noarch.rpm 4a32b7bb560f6b45dec282b4be6292bc mes5/SRPMS/cacti-0.8.7i-0.1mdvmes5.2.src.rpm
MES5 x86_64
770031f38e50eafef8230b8b209857cb mes5/x86_64/cacti-0.8.7i-0.1mdvmes5.2.noarch.rpm 4a32b7bb560f6b45dec282b4be6292bc mes5/SRPMS/cacti-0.8.7i-0.1mdvmes5.2.src.rpm