{"affected":[{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"cacti","purl":"pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"cacti-spine","purl":"pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"cacti","purl":"pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"cacti-spine","purl":"pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"cacti","purl":"pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 
SP4","name":"cacti-spine","purl":"pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"cacti","purl":"pkg:rpm/opensuse/cacti&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"cacti-spine","purl":"pkg:rpm/opensuse/cacti-spine&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"cacti","purl":"pkg:rpm/opensuse/cacti&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cacti":"1.2.22-bp154.2.3.1","cacti-spine":"1.2.22-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"cacti-spine","purl":"pkg:rpm/opensuse/cacti-spine&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.22-bp154.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cacti, cacti-spine fixes the following issues:\n\ncacti-spine 1.2.22, delivering a number of bug fixes:\n\n* When polling time is exceeded, spine does not always exit as expected\n* Spine logging at `-V 5` includes an extra line feed\n* Incorrect SNMP responses can cause spine to crash\n* Properly handle devices that timeout responding to the Extended Uptime\n* MariaDB can cause spine to abort prematurely despite error handling\n* Spine should log the error time 
when exiting via signal\n\ncacti-spine 1.2.21:\n\n* Disable DES if Net-SNMP doesn't have it\n\ncacti 1.2.22, providing one security fix, a number of bug fixes and a collection of improvements:\n\n* When creating new graphs, cross site injection is possible\n  (boo#1203952)\n* When creating user from template, multiple Domain FullName and\n  Mail are not propagated\n* Nectar Aggregate 95th emailed report broken\n* Boost may not find archive tables correctly\n* Users may be unable to change their password when forced during\n  a login\n* Net-SNMP Memory Graph Template has Wrong GPRINT\n* Search in tree view unusable on larger installations\n* Increased bulk insert size to avoid partial inserts and potential\n  data loss.\n* Call to undefined function boost_debug in Cacti log\n* When no guest template is set, login cookies are not properly set\n* Later RRDtool releases do not need to check last_update time\n* Regex filters are not always long enough\n* Domains based LDAP and AD Fullname and Email not auto-populated\n* Cacti polling and boost report the wrong number of Data Sources\n  when Devices are disabled\n* When editing Graph Template Items there are cases where VDEF's\n  are hidden when they should be shown\n* Database SSL setting lacks default value\n* Update default path cacti under *BSD by xmacan\n* Web Basic authentication not creating template user\n* Unable to change the Heartbeat of a Data Source Profile\n* Tree Search Does Not Properly Search All Trees\n* When structured paths are setup, RRDfiles may not always be\n  created when possible\n* When parsing the logs, caching would help speed up processing\n* Deprecation warnings when attempting real-time Graphs with PHP8.1\n* Custom Timespan is lost when clicking other tree branches\n* Non device based Data Sources not being polled\n* When Resource XML file improperly formatted, graph creation can\n  fail with errors\n* Update code style to support PHP 8 requirements\n* None' shows all graphs\n* Realtime 
popup window experiences issues on some browsers\n* Auth settings do not always properly reflect the options selected\n  by ddb4github\n* MySQL can cause cacti to become stalled due to locking issues\n* Boost process can get hung under rare conditions until the poller\n  times out\n* Exporting graphs under PHP 8 can cause errors\n* Host table has wrong default for disabled and deleted columns\n* RRD storage paths do not scale properly\n* When importing, make it possible to only import certain\n  components\n* Update change_device script to include new features by\n  bmfmancini\n* Make help pages use latest online version wherever possible\n* Cacti should show PHP INI locations during install\n* Detect PHP INI values that are different in the INI vs running\n  config\n* Added Gradient Color support for AREA charts by thurban\n* Update CDEF functions for RRDtool\n* When boost is running, it's not clear which processes are\n  running and how long they have to complete\n\ncacti 1.2.21:\n\n* Add a CLI script to install/enable/disable/uninstall plugins\n* Add log message when purging DS stats and poller repopulate\n* A collection of bug fixes\n","id":"openSUSE-SU-2022:10170-1","modified":"2022-10-30T15:06:55Z","published":"2022-10-30T15:06:55Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M4N2IME3ZV66JFS7PNXIVHLTVG4ZWSVC/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203952"}],"related":[],"summary":"Security update for cacti, cacti-spine","upstream":[]}