Nome do pacote
cacti
Data
2012-01-20
ID Alerta
MDVSA-2012:010
Versões afetadas
MES5 i586 , MES5 x86_64

Descrição do problema

Multiple vulnerabilities has been found and corrected in cacti:

SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
allows remote attackers to execute arbitrary SQL commands via the
login_username parameter (CVE-2011-4824).

Various vulnerabilities were discovered and fixed in the 0.8.7i version
(cacti bug 2062).

The updated packages provides the latest 0.8.7i version which are
not affected by these issues.

Pacotes atualizados

MES5 i586

 b716c02b3f218644b99af035e22efd96  mes5/i586/cacti-0.8.7i-0.1mdvmes5.2.noarch.rpm 
 4a32b7bb560f6b45dec282b4be6292bc  mes5/SRPMS/cacti-0.8.7i-0.1mdvmes5.2.src.rpm

MES5 x86_64

 770031f38e50eafef8230b8b209857cb  mes5/x86_64/cacti-0.8.7i-0.1mdvmes5.2.noarch.rpm 
 4a32b7bb560f6b45dec282b4be6292bc  mes5/SRPMS/cacti-0.8.7i-0.1mdvmes5.2.src.rpm

Referências