Update Info

openSUSE-2022-145


Security update for cacti, cacti-spine


Type: security
Severity: moderate
Issued: 2022-05-24
Description:
This update for cacti, cacti-spine fixes the following issues:

cacti-spine was updated to 1.2.20:

  * Add support for newer versions of MySQL/MariaDB
  * When checking for uptime of device, don't assume a non-response
    is always fatal
  * Fix description and command trunctation issues
  * Improve spine performance when only one snmp agent port is in
    use

cacti-spine 1.2.19:

  * Fix 1ssues with polling loop may skip some datasources
  * Fix ping no longer works due to hostname changes
  * Fix RRD steps are not always calculated correctly
  * Fix unable to build when DES no longer supported
  * Fix IPv6 devices are not properly parsed
  * Reduce a number of compiler warnings
  * Fix compiler warnings due to lack of return in thread_mutex_trylock
  * Fix Spine will not look at non-timetics uptime when sysUpTimeInstance overflows
  * Improve performance of Cacti poller on heavily loaded systems

cacti-spine 1.2.20:

  * Add support for newer versions of MySQL/MariaDB
  * When checking for uptime of device, don't assume a non-response
    is always fatal
  * Fix description and command trunctation issues
  * Improve spine performance when only one snmp agent port is in
    use

cacti was updated to 1.2.20:

  * Security fix for CVE-2022-0730, boo#1196692
    Under certain ldap conditions, Cacti authentication can be
    bypassed with certain credential types.
  * Security fix: Device, Graph, Graph Template,
    and Graph Items may be vulnerable to XSS issues
  * Security fix: Lockout policies are not properly applied to LDAP
    and Domain Users
  * Security fix: When using 'remember me' option, incorrect realm
    may be selected
  * Security fix: User and Group maintenance are vulnerable to SQL attacks
  * Security fix: Color Templates are vulnerable to XSS attack
  * Features:
    * When creating a Data Source Profile, allow additional choices for Heartbeat
    * Change select all options to use Font Awesome icons
    * Improve spine performance by storing the total number of system snmp_ports in use
    * Prevent Template User Accounts from being Removed
    * When managing by users, allow filtering by Realm
    * Allow plugins to supply template account names
    * When viewing logs, additional message types should be filterable
    * When creating a Graph Template Item, allow filtering by Data Template
    * Allow language handler to be selected via UI
    * Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco
    * Add Advanced Ping Graph Template to initial Installable templates
    * Add LDAP Debug Mode option
    * Allow Reports to include devices not on a Tree
    * Allow Basic Authentication to display custom failure message
  * Fix: When replicating data during installation/upgrade,
    system may appear to hang
  * Fix: Graph Template Items may have duplicated entries
  * Fix: Unable to Save Graph Settings
  * Fix: Script Server may crash if an OID is missing or unavailable
  * Fix: When system-wide polling is disabled,
    remote pollers may fail to sync changed settings
  * Fix: When updating poller name, duplicate name protection may be over zealous
  * Fix: Titles may show "Missing Datasource" incorectly
  * Fix: Checking for MIB Cache can cause crashes
  * Fix: Polling cycles may not always complete as expected
  * Fix: When viewing graph data, non-numeric values may appear
  * Fix: Utilities view has calculation errors when there are no data sources
  * Fix: When editing Reports, drag and drop may not function as intended
  * Fix: When data drive is full, viewing a Graph can result in errors
  * Various other bug fixes

cacti 1.2.19:

  * Further fixes for grave character security protection (boo#1192408)
  * Fix Over aggressive escaping causing menu visibility issues on Create Device page
  * Add SHA256 and AES256 security levels for SNMP polling
  * Import graph template(Preview Only) show color_id new value as a blank area
  * Fix Editing graphs errors due to missing sequence
  * Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen
  * Fix 2hen RealTime is not active, console errors may appear
  * Fix race conditions may occur when multiple RRDtool processes are running
  * Fix errors creating graphs from templates
  * Fix errors when duplicating reports
  * Fix Boost may be blocked by overflowing poller_output table
  * Fix Template import may be blocked due to unmet dependency warnings with snmp ports
  * Fix Newer MySQL versions may error if committing a transaction when not in one
  * Fix SNMP Agent may not find a cache item
  * Fix Correct issues running under PHP 8.x
  * Fix When polling is disabled, boost may crash and creates many arch tables
  * Fix When poller runs, memory tables may not always be present
  * Fix Timezones may sometimes be incorrectly calculated
  * Fix Allow monitoring IPv6 with interface graphs
  * Fix When a data source uses a Data Input Method, those without a mapping should be flagged
  * Fix When RRDfile is not yet created, errors may appear when displaying the graph
  * Fix Cacti missing key indexes that result in Preset pages slowdowns
  * Fix Data Sources page shows no name when Data Source has no name cache
  * Fix db_update_table function can not alter table from signed to unsigned
  * Fix data remains in poller_output table even if it's flushed to rrd files
  * Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places
  * Fix Offset is a reserved word in MariaDB 10.6 affecting Report
  * Fix Rendering large trees slowed due to lack of permission caching
  * Fix Error on interpretation of snmpUtime, when to big
  * Fix Applying right axis formatting creates an error-image
  * Fix Unable to Save Graph Settings from the Graphs pages
  * Fix Graph Template Cache is nullified too often when Graph Automation is running
  * Fix When Adding a Data Query to a Device, no Progress Spinner is shown
  * Fix New Browser Breaks Plugins that depend on non UTC date time data
  * Fix errors when testing remote poller connectivity
  * Fix errors when renaming poller
  * Fix Removing spikes by Variance does not appear to be working beyond the first RRA
  * Fix LDAP API lacks timeout options leading to bad login experiences
  * Add a normal/wrap class for general use
  * Limit File Types available for Template Import operations
  * Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication
  * Support Stronger Encryption Available Starting in Net-SNMP v5.8
  * Allow Cacti to use multiple possible LDAP servers
  * Add a 15 minute polling/sampling interval
  * Provide additional admin email notifications
  * Add warnings for undesired changes to plugin hook return values
  * When creating a Graph, make testing the Data Sources optional by Template
  * Update phpseclib to 2.0.33
  * Update jstree.js to 3.3.12
  * Improve performance of Cacti poller on heavily loaded systems
  * MariaDB recommendations need some tuning for recent updates



              

Packages


  • cacti-spine-1.2.20-bp153.2.9.1
  • cacti-1.2.20-bp153.2.9.1