Debian Linux Security Update: Cacti packages fix regression

last updated in Categories Debian Linux, GNU/Open source, Howto, Linux, Linux distribution, Networking, package management, Security Alert

Cacti is an open source, web-based graphing tool designed as a frontend to RRDtool’s data storage and graphing functionality. Cacti allows a user to poll services at predetermined intervals and graph the resulting data. It is generally used to graph time-series data like CPU load and bandwidth use. A common usage is to query network switch or router interfaces via SNMP to monitor network traffic.

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.

Since the previous security update, the cacti package could no longer be rebuilt from the source package. This update corrects that problem. Note that this problem does not affect regular use of the provided binary packages (.deb).

Details:
=> Package : cacti
=> Vulnerability : insufficient input sanitising
=> Problem type : remote
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-0783 CVE-2008-0785

How do I fix Cacti packages fix regression issues?

Simply type the following two commands as root user:
# apt-get update
# apt-get upgrade

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 0 comments/add one below):