Security update for cacti
cacti was updated to fix the following vulnerabilities:
- CVE-2015-8369: SQL injection in graph.php (boo#958863)
- CVE-2015-8604: SQL injection in graphs_new.php (boo#960678)
- CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977)
- CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930)
cacti-spine was updated to match the cacti version, fixing a number of upstream bugs.
- Submitted by Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#958863
VUL-0: CVE-2015-8369: cacti: SQL injection in graph.php
bnc#960678
VUL-0: CVE-2015-8604: cacti: SQL injection vulnerability in graphs_new.php
bnc#958977
VUL-0: CVE-2015-8377: cacti: SQL injection in graphs_new.php
bnc#965930
VUL-0: CVE-2016-2313: cacti: Authentication using web authentication as a user not in the cacti database allows complete access