openSUSE Security Update: Security update for cacti, cacti-spine

______________________________________________________________________________



Announcement ID:    openSUSE-SU-2017:3051-1
Rating:             important
References:         #1067163 #1067164 #1067166 #1068028
Cross-References:   CVE-2017-16641 CVE-2017-16660 CVE-2017-16661
                    CVE-2017-16785
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 42.2

______________________________________________________________________________



An update that fixes four vulnerabilities is now available.



Description:

This update for cacti, cacti-spine to version 1.1.28 fixes the following
issues:

- CVE-2017-16641: Potential code execution vulnerability in RRDtool
  functions (boo#1067166)
- CVE-2017-16660: Remote execution vulnerability in logging function
  (boo#1067164)
- CVE-2017-16661: Arbitrary file read vulnerability in view log file
  (boo#1067163)
- CVE-2017-16785: Reflection XSS vulnerability (boo#1068028)

This update to version 1.1.28 also contains a number of upstream bug fixes
and improvements.





Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2017-1290=1

- openSUSE Leap 42.2:

    zypper in -t patch openSUSE-2017-1290=1

To bring your system up-to-date, use "zypper patch".





Package List:

- openSUSE Leap 42.3 (i586 x86_64):

    cacti-spine-1.1.28-20.1
    cacti-spine-debuginfo-1.1.28-20.1
    cacti-spine-debugsource-1.1.28-20.1

- openSUSE Leap 42.3 (noarch):

    cacti-1.1.28-29.1
    cacti-doc-1.1.28-29.1

- openSUSE Leap 42.2 (i586 x86_64):

    cacti-spine-1.1.28-7.13.1
    cacti-spine-debuginfo-1.1.28-7.13.1
    cacti-spine-debugsource-1.1.28-7.13.1

- openSUSE Leap 42.2 (noarch):

    cacti-1.1.28-16.13.1
    cacti-doc-1.1.28-16.13.1





References:

https://www.suse.com/security/cve/CVE-2017-16641.html
https://www.suse.com/security/cve/CVE-2017-16660.html
https://www.suse.com/security/cve/CVE-2017-16661.html
https://www.suse.com/security/cve/CVE-2017-16785.html
https://bugzilla.suse.com/1067163
https://bugzilla.suse.com/1067164
https://bugzilla.suse.com/1067166
https://bugzilla.suse.com/1068028




