Cacti 1.2.8 Security und Bugfix Release

Dieses Release das graphischen RRDTool, Cacti, stammt noch aus dem Dezember, ich habe es jedoch erst jetzt erfahren. Das Cacti Release 1.2.8 schließt 2 kritische Sicherheitslücken und behebt diverse Fehler.

Cacti 1.2.8. Release Notes

security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
security#3026: CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
security#3066: When using HTTPS, secure cookie to prevent potential weakness
issue#1228: Any tree or branch with a long name force main content off screen
issue#2133: Long snmp_indexes are being cut off
issue#2888: Long hostnames cause template filter to go off page
issue#2987: Changing Color Template does not update Aggregate
issue#2989: Allow Remote Data Collectors to maintain their own path variables
issue#2991: Cacti Statistics device template can generate unexpected errors
issue#2995: When editing a report, column setting may be ignored incorrectly
issue#2996: When editing a user, graph options do not properly reflect previously saved settings
issue#2998: Session performance issues due to excessive use for database storage
issue#2999: Blank arguments can lead to extra spaces in script arguments
issue#3006: Boost generates undefined variables warning during poller run
issue#3011: i18n logging does not check write permission exists
issue#3012: When viewing realtime graphs, some input variables are not properly checked
issue#3013: Allow legends to be modified for Aggregate Graphs
issue#3017: Automation network range with spaces fails validation
issue#3019: User selected language is not always adhered to
issue#3021: Tree view cuts off at the bottom of page on modern theme
issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
issue#3027: Aggregate Graph re-ordering does not work
issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
issue#3030: Pace continues to run even after a page is finished rendering
issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
issue#3035: When editing a tree, can not remove entries due to CSS bug
issue#3037: When emptying poller output using cli, debug functions are not properly included
issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
issue#3040: When running automation, discovery can still run even if cancelled
issue#3041: When running automation, scans do not always respond to being cancelled
issue#3042: When running automation, scan can fail when selecting remote pollers
issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
issue#3047: When saving settings, ignore remote pollers who have not checked in recently
issue#3050: When viewing graph trees, some input variables are not properly checked
issue#3052: When editing CDEF’s, slow database performance can occur
issue#3053: When viewing graph thumbnails, some input variables are not properly checked
issue#3055: During install/upgrade, database tests are not performed correctly
issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
issue#3061: When running automation, allow SNMP to be used as a ping method
issue#3068: When administrating users, some input variables are not properly checked
issue#3070: Improve database logging when a crashed table is encountered
issue#3073: Automation network range does not always produce the correct start/end values
issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly
issue#3079: Allow domain names to be stripped from a device’s long description
issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized
issue#3085: When editing a poller, ensure each listening IP is unique
issue#3081: External Links are not showing a glyph when they appear on the Console menu
issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs
issue#3099: Graph template ‘Linux – Memory Usage’ has the wrong unit on its vertical_label
issue#3101: Polling times can be slightly inconsistent due
issue#3104: When viewing graphs, a byref error can be seen in the error logs
issue#3105: When viewing hosts, some input variables are not properly checked
issue#3111: When adding devices via command line, bad SNMP versions are not reported
issue#3112: When zooming on Graphs, too many requests are being made causing slowness
issue#3114: Support for USB devices that change name due to their hosts restarting
issue#3118: When converting tables, the dynamic row format should be selected
issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded
issue#3120: Correct issues causing incompatibility with PHP 7.4
issue#3121: When converting tables during install, show what will be changed
issue#3123: Named colors table is not properly imported/upgraded
issue#3124: When a second data collector is added, boost is not enabled automatically
issue#3128: i18n handler checks for existence of wrong mo file
issue#3129: Logout repeated occurs even when already logged out
issue#3132: Installer fails to continue if automation range is array of networks
feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing

Quelle: https://www.cacti.net/release_notes.php?version=1.2.8

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.