openSUSE Security Update: Security update for cacti, cacti-spine
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10170-1
Rating:             moderate
References:         #1203952 
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for cacti, cacti-spine fixes the following issues:

   cacti-spine 1.2.22, delivering a number of bug fixes:

   * When polling time is exceeded, spine does not always exit as expected
   * Spine logging at `-V 5` includes an extra line feed
   * Incorrect SNMP responses can cause spine to crash
   * Properly handle devices that timeout responding to the Extended Uptime
   * MariaDB can cause spine to abort prematurely despite error handling
   * Spine should log the error time when exiting via signal

   cacti-spine 1.2.21:

   * Disable DES if Net-SNMP doesn't have it

   cacti 1.2.22, providing one security fix, a number of bug fixes and a
   collection of improvements:

   * When creating new graphs, cross site injection is possible (boo#1203952)
   * When creating user from template, multiple Domain FullName and Mail are
     not propagated
   * Nectar Aggregate 95th emailed report broken
   * Boost may not find archive tables correctly
   * Users may be unable to change their password when forced during a login
   * Net-SNMP Memory Graph Template has Wrong GPRINT
   * Search in tree view unusable on larger installations
   * Increased bulk insert size to avoid partial inserts and potential data
     loss.
   * Call to undefined function boost_debug in Cacti log
   * When no guest template is set, login cookies are not properly set
   * Later RRDtool releases do not need to check last_update time
   * Regex filters are not always long enough
   * Domains based LDAP and AD Fullname and Email not auto-populated
   * Cacti polling and boost report the wrong number of Data Sources when
     Devices are disabled
   * When editing Graph Template Items there are cases where VDEF's are
     hidden when they should be shown
   * Database SSL setting lacks default value
   * Update default path cacti under *BSD by xmacan
   * Web Basic authentication not creating template user
   * Unable to change the Heartbeat of a Data Source Profile
   * Tree Search Does Not Properly Search All Trees
   * When structured paths are setup, RRDfiles may not always be created when
     possible
   * When parsing the logs, caching would help speed up processing
   * Deprecation warnings when attempting real-time Graphs with PHP8.1
   * Custom Timespan is lost when clicking other tree branches
   * Non device based Data Sources not being polled
   * When Resource XML file improperly formatted, graph creation can fail
     with errors
   * Update code style to support PHP 8 requirements
   * None" shows all graphs
   * Realtime popup window experiences issues on some browsers
   * Auth settings do not always properly reflect the options selected by
     ddb4github
   * MySQL can cause cacti to become stalled due to locking issues
   * Boost process can get hung under rare conditions until the poller times
     out
   * Exporting graphs under PHP 8 can cause errors
   * Host table has wrong default for disabled and deleted columns
   * RRD storage paths do not scale properly
   * When importing, make it possible to only import certain components
   * Update change_device script to include new features by bmfmancini
   * Make help pages use latest online version wherever possible
   * Cacti should show PHP INI locations during install
   * Detect PHP INI values that are different in the INI vs running config
   * Added Gradient Color support for AREA charts by thurban
   * Update CDEF functions for RRDtool
   * When boost is running, it's not clear which processes are running and
     how long they have to complete

   cacti 1.2.21:

   * Add a CLI script to install/enable/disable/uninstall plugins
   * Add log message when purging DS stats and poller repopulate
   * A collection of bug fixes


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2022-10170=1



Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

      cacti-spine-1.2.22-23.1

   - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

      cacti-1.2.22-29.1
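
To confirm after patching that a host carries at least the fixed builds from the package list above, the installed version-release can be compared against them. This is an added example, not part of the SUSE announcement; the function names are illustrative, and GNU `sort -V` is used as an approximation of RPM version ordering (epochs are not handled).

```shell
#!/bin/sh
# Added example: compare installed cacti packages with the fixed builds
# listed in this announcement. Function names are illustrative.

# Fixed version-release strings, copied from the Package List.
FIXED_CACTI="1.2.22-29.1"
FIXED_SPINE="1.2.22-23.1"

# at_least INSTALLED FIXED -> returns 0 if INSTALLED >= FIXED.
# sort -V orders "29.1" after "9.1", which a plain string compare gets wrong.
at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify NAME INSTALLED FIXED -> prints one status line;
# returns 1 only when the installed build is older than the fixed one.
classify() {
    if [ -z "$2" ]; then
        echo "$1: not installed"
        return 0
    fi
    if at_least "$2" "$3"; then
        echo "$1: $2 OK (>= $3)"
    else
        echo "$1: $2 NEEDS UPDATE (< $3)"
        return 1
    fi
}

# installed_vr NAME -> prints VERSION-RELEASE, or nothing if not installed.
installed_vr() {
    rpm -q "$1" >/dev/null 2>&1 || return 0
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" | head -n 1
}

# check_host -> returns non-zero if either package is below its fixed build.
check_host() {
    rc=0
    classify cacti "$(installed_vr cacti)" "$FIXED_CACTI" || rc=1
    classify cacti-spine "$(installed_vr cacti-spine)" "$FIXED_SPINE" || rc=1
    return $rc
}

# Query the local RPM database only where rpm exists.
if command -v rpm >/dev/null 2>&1; then
    check_host
fi
```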


References:

   https://bugzilla.suse.com/1203952

openSUSE: 2022:10170-1 moderate: cacti, cacti-spine

October 30, 2022