"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2039-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 23, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : cacti
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
Debian Bug : 578909
It was discovered that Cacti, a frontend to rrdtool for monitoring
systems and services missed input sanitising, making an SQL injection
attack possible.
For the stable distribution (lenny), this problem has been fixed in
version 0.8.7b-2.1+lenny2.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your cacti package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny2.diff.gz
Size/MD5 checksum: 37338 16b43e80a447a185f5372372836104ed
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz
Size/MD5 checksum: 1972444 aa8a740a6ab88e3634b546c3e1bc502f
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny2.dsc
Size/MD5 checksum: 1408 468d418ebedfd326081cbb159c159b55
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny2_all.deb
Size/MD5 checksum: 1826020 b88356b2559091ae8444b93b5234e881
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJL0fvtAAoJECIIoQCMVaAceK0H/jud0EGRDRnk4Lwd2Io8JyTr
mJmuYrVrSKa4DnDd4y62xShPqKUvc9Fs4mbQb4an8aNinyTR9m6CSqF5qs1T6oAt
zcvSNdDetj3H/wqJ24T3oUpCadNu7FNUBPj0VLjqZL4G7NuHqxoyvPEkDyYBjIUB
abqgJWsG7RXiuGbNPsCRzcp2AASaTH4iQ2GELCsZ50TQxW+1v+GHneqjAwSHYI4n
cPO+SumkZ5k6oPEwzKpQm9ja3e3rz/kb7SogDVexCeH7sBZG2N2fo6OCv8T8PvpW
zYy2pGmZXvtSAu/zeBBXvdox7byfAchKQFRRbZRYhUVODYn5/iFAV8FoGmqXbkE=
=0ixH
-----END PGP SIGNATURE-----
"
Susan Boyle in a panic after intruder incidentDSA 2030-1: New mahara packages fix sql injection
This entry was posted
on 5:41 PM
.
Archives
-
▼
2010
(391)
-
▼
May
(22)
- RHSA-2010:0424-01 Important: kernel security and e...
- USN-939-1: X.org vulnerabilities
- DSA 2047-1: New aria2 packages fix directory trave...
- CentOS-5.5 i386 and x86_64 released
- DSA-2046-1: New phpgroupware packages fix several ...
- USN-938-1: KDENetwork vulnerability
- DSA 2043-1: New vlc packages fix arbitrary code ex...
- RHSA-2010:0400-01 Moderate: tetex security update
- DSA 2045-1: New libtheora packages fix arbitrary c...
- DSA 2042-1: New iscsitarget packages fix arbitrary...
- DSA 2044-1: New mplayer packages fix arbitrary cod...
- RHSA-2010:0401-01 Moderate: tetex security update
- USN-936-1: dvipng vulnerability
- RHSA-2010:0398-01 Important: kernel security and b...
- RHSA-2010:0399-01 Moderate: tetex security update
- USN-937-1: TeX Live vulnerabilities
- RHSA-2010:0394-01 Important: kernel security, bug ...
- DSA-2041-1: New mediawiki packages fix cross-site ...
- RHSA-2010:0386-01 Low: Red Hat Enterprise Linux 3 ...
- DSA 2040-1: New squidguard packages fix several vu...
- DSA 2039-1: New cacti packages fix missing input s...
- USN-934-1: Netpbm vulnerability
-
▼
May
(22)