-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0201
                           cacti security update
                              20 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           cacti
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7106  

Reference:         ESB-2020.0197

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : cacti
Version        : 0.8.8b+dfsg-8+deb8u9
CVE ID         : CVE-2020-7106

It was discovered that there were a number of cross-site scripting
vulnerabilities in cacti, a web interface for monitoring systems.

For Debian 8 "Jessie", this issue has been fixed in cacti version
0.8.8b+dfsg-8+deb8u9.

We recommend that you upgrade your cacti packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- - -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----