FERRAMENTAS LINUX: Important openSUSE security update for cacti, cacti-spine, advisory openSUSE: 2021:0787-1

Monday, May 24, 2021





Check it out!!

An update that fixes one vulnerability is now available.


   openSUSE Security Update: Security update for cacti, cacti-spine

______________________________________________________________________________


Announcement ID:    openSUSE-SU-2021:0787-1

Rating:             important

References:         #1180804 

Cross-References:   CVE-2020-35701

CVSS scores:

                    CVE-2020-35701 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


Affected Products:

                    openSUSE Backports SLE-15-SP2

______________________________________________________________________________




Description:


   This update for cacti, cacti-spine fixes the following issues:


   cacti-spine was updated to 1.2.17:


   * Avoid triggering DDoS detection in firewalls on large systems

   * Use mysql reconnect option properly

   * Fix possible crashes in various operations

   * Fix remote data collectors pushing too much data to main when performing diagnostics

   * Make spine more responsive when remote connection is down

   * Fix various MySQL issues

   * Make spine immune to DST changes


   cacti-spine 1.2.16:


   * Some developer debug log messages falsely labeled as WARNINGS

   * Remove the need of the dos2unix program

   * Fix Spine experiencing MySQL socket error 2002 under load

   * Under heavy load MySQL/MariaDB return 2006 and 2013 errors on query

   * Add backtrace output to stderr for signals

   * Add Data Source turnaround time to debug output


   cacti-spine 1.2.15:


   * Special characters may not always be ignored properly



   cacti was updated to 1.2.17:


   * Fix incorrect handling of fields that led to potential XSS issues

   * CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804)

   * Fix various XSS issues with HTML Forms handling

   * Fix handling of Daylight Saving Time changes

   * Multiple fixes and extensions to plugins

   * Fix multiple display, export, and input validation issues

   * SNMPv3 Password field was not correctly limited

   * Improved regular expression handling for search

   * Improved support for RRDproxy

   * Improved behavior on large systems

   * MariaDB/MySQL: Support persistent connections and improve multiple operations and options

   * Add Theme 'Midwinter'

   * Modify automation to test for data before creating graphs

   * Add hooks for plugins to show customize graph source and customize template url

   * Allow CSRF security key to be refreshed at command line

   * Allow remote pollers statistics to be cleared

   * Allow user to be automatically logged out after admin defined period

   * When replicating, ensure Cacti can detect and verify replica servers



   This update was imported from the openSUSE:Leap:15.2:Update update project.



Patch Instructions:


   To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".


   Alternatively you can run the command listed for your product:


   - openSUSE Backports SLE-15-SP2:


      zypper in -t patch openSUSE-2021-787=1




Package List:


   - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):


      cacti-spine-1.2.17-bp152.2.7.1


   - openSUSE Backports SLE-15-SP2 (noarch):


      cacti-1.2.17-bp152.2.10.1
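
   Added example, not part of the openSUSE advisory or of the blog post: a shell check that compares the installed cacti and cacti-spine builds with the fixed builds in the package list above. The function names are hypothetical, and GNU `sort -V` stands in for RPM's own version comparison (an assumption that holds for version-release strings of this shape).

```shell
#!/bin/sh
# Added example: compare installed builds with this advisory's package list.
FIXED_CACTI="1.2.17-bp152.2.10.1"   # fixed build, from the package list
FIXED_SPINE="1.2.17-bp152.2.7.1"    # fixed build, from the package list

# is_fixed INSTALLED FIXED: succeeds when INSTALLED is at or above FIXED.
# Ordering comes from GNU `sort -V`, which approximates RPM's comparison
# and compares numeric fields as numbers (so 2.9.1 sorts below 2.10.1).
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# status_for NAME INSTALLED FIXED: prints one status line.
# An empty INSTALLED means the package is not present on the host.
status_for() {
    if [ -z "$2" ]; then
        echo "$1: not installed"
    elif is_fixed "$2" "$3"; then
        echo "$1: $2 OK (fixed build is $3)"
    else
        echo "$1: $2 NEEDS UPDATE (fixed build is $3)"
    fi
}

# installed_version NAME: prints VERSION-RELEASE, or nothing if absent.
# rpm writes "package ... is not installed" to stdout on failure, so the
# output is used only when rpm exits successfully.
installed_version() {
    if v=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null); then
        printf '%s\n' "$v"
    fi
}

# report: status lines for both packages named in the advisory.
report() {
    status_for cacti       "$(installed_version cacti)"       "$FIXED_CACTI"
    status_for cacti-spine "$(installed_version cacti-spine)" "$FIXED_SPINE"
}

# Query the host only where rpm exists; elsewhere the functions can still
# be used on version strings collected from other machines.
if command -v rpm >/dev/null 2>&1; then report; fi
```

   A "NEEDS UPDATE" line means the host still runs a build older than the one listed in this advisory.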



References:


   https://www.suse.com/security/cve/CVE-2020-35701.html

   https://bugzilla.suse.com/1180804





Source

Until next time!!
