Nom du paquet
cacti
Date
2012-01-20
Advisory ID
MDVSA-2012:010
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in cacti:

SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
allows remote attackers to execute arbitrary SQL commands via the
login_username parameter (CVE-2011-4824).

Various vulnerabilities were discovered and fixed in the 0.8.7i version
(cacti bug 2062).

The updated packages provides the latest 0.8.7i version which are
not affected by these issues.

Updated packages

MES5 i586

 b716c02b3f218644b99af035e22efd96  mes5/i586/cacti-0.8.7i-0.1mdvmes5.2.noarch.rpm 
 4a32b7bb560f6b45dec282b4be6292bc  mes5/SRPMS/cacti-0.8.7i-0.1mdvmes5.2.src.rpm

MES5 x86_64

 770031f38e50eafef8230b8b209857cb  mes5/x86_64/cacti-0.8.7i-0.1mdvmes5.2.noarch.rpm 
 4a32b7bb560f6b45dec282b4be6292bc  mes5/SRPMS/cacti-0.8.7i-0.1mdvmes5.2.src.rpm

References