Cacti is an open source, web-based graphing tool designed as a frontend to RRDtool’s data storage and graphing functionality. Cacti allows a user to poll services at predetermined intervals and graph the resulting data. It is generally used to graph time-series data like CPU load and bandwidth use. A common usage is to query network switch or router interfaces via SNMP to monitor network traffic.
It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.
Since the previous security update, the cacti package could no longer be rebuilt from the source package. This update corrects that problem. Note that this problem does not affect regular use of the provided binary packages (.deb).
=> Package : cacti
=> Vulnerability : insufficient input sanitising
=> Problem type : remote
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-0783 CVE-2008-0785
How do I fix Cacti packages fix regression issues?
Simply type the following two commands as root user:
# apt-get update
# apt-get upgrade