Menü Schließen

Cacti 1.2.8 Security und Bugfix Release

Cacti Logo

Dieses Release das graphischen RRDTool, Cacti, stammt noch aus dem Dezember, ich habe es jedoch erst jetzt erfahren. Das Cacti Release 1.2.8 schließt 2 kritische Sicherheitslücken und behebt diverse Fehler.

Cacti 1.2.8. Release Notes

security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
security#3026: CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
security#3066: When using HTTPS, secure cookie to prevent potential weakness
issue#1228: Any tree or branch with a long name force main content off screen
issue#2133: Long snmp_indexes are being cut off
issue#2888: Long hostnames cause template filter to go off page
issue#2987: Changing Color Template does not update Aggregate
issue#2989: Allow Remote Data Collectors to maintain their own path variables
issue#2991: Cacti Statistics device template can generate unexpected errors
issue#2995: When editing a report, column setting may be ignored incorrectly
issue#2996: When editing a user, graph options do not properly reflect previously saved settings
issue#2998: Session performance issues due to excessive use for database storage
issue#2999: Blank arguments can lead to extra spaces in script arguments
issue#3006: Boost generates undefined variables warning during poller run
issue#3011: i18n logging does not check write permission exists
issue#3012: When viewing realtime graphs, some input variables are not properly checked
issue#3013: Allow legends to be modified for Aggregate Graphs
issue#3017: Automation network range with spaces fails validation
issue#3019: User selected language is not always adhered to
issue#3021: Tree view cuts off at the bottom of page on modern theme
issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
issue#3027: Aggregate Graph re-ordering does not work
issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
issue#3030: Pace continues to run even after a page is finished rendering
issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
issue#3035: When editing a tree, can not remove entries due to CSS bug
issue#3037: When emptying poller output using cli, debug functions are not properly included
issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
issue#3040: When running automation, discovery can still run even if cancelled
issue#3041: When running automation, scans do not always respond to being cancelled
issue#3042: When running automation, scan can fail when selecting remote pollers
issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
issue#3047: When saving settings, ignore remote pollers who have not checked in recently
issue#3050: When viewing graph trees, some input variables are not properly checked
issue#3052: When editing CDEF’s, slow database performance can occur
issue#3053: When viewing graph thumbnails, some input variables are not properly checked
issue#3055: During install/upgrade, database tests are not performed correctly
issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
issue#3061: When running automation, allow SNMP to be used as a ping method
issue#3068: When administrating users, some input variables are not properly checked
issue#3070: Improve database logging when a crashed table is encountered
issue#3073: Automation network range does not always produce the correct start/end values
issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly
issue#3079: Allow domain names to be stripped from a device’s long description
issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized
issue#3085: When editing a poller, ensure each listening IP is unique
issue#3081: External Links are not showing a glyph when they appear on the Console menu
issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs
issue#3099: Graph template ‘Linux – Memory Usage’ has the wrong unit on its vertical_label
issue#3101: Polling times can be slightly inconsistent due
issue#3104: When viewing graphs, a byref error can be seen in the error logs
issue#3105: When viewing hosts, some input variables are not properly checked
issue#3111: When adding devices via command line, bad SNMP versions are not reported
issue#3112: When zooming on Graphs, too many requests are being made causing slowness
issue#3114: Support for USB devices that change name due to their hosts restarting
issue#3118: When converting tables, the dynamic row format should be selected
issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded
issue#3120: Correct issues causing incompatibility with PHP 7.4
issue#3121: When converting tables during install, show what will be changed
issue#3123: Named colors table is not properly imported/upgraded
issue#3124: When a second data collector is added, boost is not enabled automatically
issue#3128: i18n handler checks for existence of wrong mo file
issue#3129: Logout repeated occurs even when already logged out
issue#3132: Installer fails to continue if automation range is array of networks
feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing

Quelle: https://www.cacti.net/release_notes.php?version=1.2.8

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert