[SECURITY] [DSA 5862-1] cacti security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5862-1] cacti security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 10 Feb 2025 15:54:56 +0000
Message-id: <[🔎] E1thW7c-009LpW-1T@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5862-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 10, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cacti
CVE ID         : CVE-2024-27082 CVE-2024-43362 CVE-2024-43363 CVE-2024-43364
                 CVE-2024-43365 CVE-2024-45598 CVE-2024-54145 CVE-2025-22604
                 CVE-2025-24367 CVE-2025-24368
Debian Bug     : 1094574

Multiple security vulnerabilities have been discovered in Cacti, a web
interface for graphing of monitoring systems, which could result in
cross-site scripting, SQL injection, or command injection.

For the stable distribution (bookworm), these problems have been fixed in
version 1.2.24+ds1-1+deb12u5.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/cacti

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmeqIIBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QOEQ//eQmKQZ6c/I1ni1KOq4IJnYxglt5Gs/qgOqf2mM0gdmx06T+E6VT03FZa
HNYhlXjmq8YXzv2EO9za7wdIdZokKQNIWkZMKZT5XvxXQIuiqAYCa/sLQmOf87bN
dolBdVXZh/2pce3QbYKyqfbFR35tffsAFp0epRZ475h4/vlBtwR+EHI35ykk5YzJ
0HlDZ1hsRenNWNXndbMuE/U5ROVXC7uNKaU0BmbF2W174jJ8tXOU/hFDM/zJZx1p
9bVAa48z5m4tvbA5fAWBkrWlwmWie5fJNrBXJxmg8My3S2lZhqGgemNn7+fFZU7Y
HuaEn29kNJXm2ZBhp/4yvdRMYYi9lud5QQ0pcmLSxWUgAxTmbuvhiMNEv2QS8QUz
SiOHPI3+CA6d4KfO2Ka1pPsuV1gyToR5aeJ7JV5g9sLqTY010nso/92kXWI0Gp6Y
HJubFzPam2/ylNKSN4lu/AaD+1JBAk7Xg4/iC8vfjr94LxGjKKoyad64r9BgZtVW
S98PkJOM2dX9yX1owDzeSaPSBOJ+msbDRxK6MVwDrQzvw4f/nmLBsrnBE3c2LkHj
USOE0fkiVJJO0sDiV2MdpdHilb817eL8zo31Y/lmoqW9fZStOE/OBh21I36auAmT
ByUnaTym4waJWPrVCNmKNv5vV2V1KhInq10nIYK3vevrdXNjxUQ=
=w+Ow
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5860-1] linux security update
Next by Date: [SECURITY] [DSA 5863-1] libtasn1-6 security update
Previous by thread: [SECURITY] [DSA 5860-1] linux security update
Next by thread: [SECURITY] [DSA 5863-1] libtasn1-6 security update
Index(es):
- Date
- Thread