Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0201 cacti security update 20 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: cacti Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-7106 Reference: ESB-2020.0197 Original Bulletin: https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : cacti Version : 0.8.8b+dfsg-8+deb8u9 CVE ID : CVE-2020-7106 It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 "Jessie", this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u9. We recommend that you upgrade your cacti packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Regards, - - -- ,''`. : :' : Chris Lamb `. `'` lamby@debian.org / chris-lamb.co.uk `- - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4jD4YACgkQHpU+J9Qx Hlj/kQ//WsCueUxWFRjMD7NRqWwYPnfrigksxxjNYpfeCDYh5pPqr1/9uRGsr7nO IAtcBpNFwdSYFbLYRhjeYweBZtrB87NePlY+ftEsnjDNGXXNoRQ901kU9M1HY7d9 RmOKKXflMcRca+YwQwaBH+2b5PHJt76fvxbT6QDXQHm1tyKb+9gxf9SXoMeZqNE2 4IWHAAOwnTaCK39I7u+mch35EyhMGSwFhFuaZxxV7Pr8aVI9VmcRD8TIlVRh1dqv F1nRvONlIcYobUQo9Z/tqh3sF8cNmEl4ItMD9MnEWwtVhGOVu92aP6gPZkcL5o7Y EKv2ajhuNRRszQX+7/0LlZZcdT9xIrq03vEh6H7IEvtsuS7uH8L9dHCq2yus2KfB smEY1/Rpvuxoy3XBobErHKoTQZm8xb0eG1YVKxVpwkGzYOeRCed39IqS2VB/NPRS OmbXDrYQHX8w/rhVPuJvywZDiL4qovlG0hfNXDIPGU5Bha6ZNQ1Xz7bmCMToqq10 bTHuOgxr6a8OAYnFLCepCUfwriQgS7L5OHabQbMpuBXJR1FBRR/7wUd2MpLnUGqF xq2zQieFmaJx4T3u8CQHx+sbWMcSGY7yW0VKUZgoYzhqLqUDrj4QapZ6vIjD1dyR cxemB2nKEzFp4qbjDh9EALXJ0nLotrA0lKzE5sRyRLCj3Fk2Qqc= =YPxh - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXiUsZ2aOgq3Tt24GAQjZxg/7BL5djabByVQVANlOszr8xD9ESIvK2jy5 spzYSoDVflyFALeTuJ1eQLjbUEeBc0+xDu3q6zdhnsB23LRTYOsD/EyBJl3ay8Jo LdF68EkAUnUS1K/Kut05pKz6Tv2bnmsPIJELPJihbGQpxfxTUnrGTbLhjihv2Hh0 ufXZ/6G8EHGlEkWzj/7ZbOPqn/+IPNsmSa03Oft2EsGg4KdBUfZhW30DTCsd/AD3 /blfjk+htp5ArTJP/vZUqa+C0ocUR+NM4rvJXEBhu0Dho6EcRGD4K57bljZHpA98 +nEkymcyE/ad/t/scXRIXUo0UgzaGPAkdx4X1GTwJ78NaW+OMMoZM6dE7BnR5GzS 6d/nKD6q4HP8iSqe4V/Hd3xYU1yYcF7e4gHZlZGznc3YUrWbigehjilp0ZAj0KN/ WhUszlVmfcN0aaeFbSvlaDo/S9J8jzkIzZno+lNl8HfIrbVnJtuS1Z/lDH567fL9 jkWytFc1caDzuRWA7o3kEBQ3qA/VOFpVmj9lN4ZX6jgksUjfEF1nKpx0NWj7kCD1 P3j5g/TBtFKIccV6/izFr2VwO5KrkpVaXwEgZIrC50Tn9aFojp+i1Xw3TuezFFps AfuqhcI+VHg9KBOdt5T2Al0TNiA1ff/V+t44fY0VsG72fiT1VsvSO6ovEVPj0Ds9 EGNRhtmL0oc= =ZAwu -----END PGP SIGNATURE-----