Cacti: Multiple vulnerabilities — GLSA 201607-05

Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code.

Affected packages

Package	net-analyzer/cacti on all architectures
Affected versions	< 0.8.8h
Unaffected versions	>= 0.8.8h

Background

Cacti is a complete frontend to rrdtool.

Description

Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, or remote authenticated users could bypass intended access restrictions.

Workaround

There is no known workaround at this time.

Resolution

All Cacti users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8h"

References

CVE-2014-5261
CVE-2014-5262
CVE-2015-8369
CVE-2015-8377
CVE-2015-8604
CVE-2016-2313
CVE-2016-3172
CVE-2016-3659

Release date
July 16, 2016

Latest revision
July 16, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries

519900
568400
570984
574412
582996