diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-31 10:28:52 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-31 10:29:10 +0000 |
commit | 57717bd40005bcde9547439ed69fdf006eacc625 (patch) | |
tree | afc0a6ae7d9bf35543d56ab46a4db49712eedbe9 | |
parent | 97be743a21cc726b2115cc679c718951baa5a98a (diff) | |
download | aports-57717bd40005bcde9547439ed69fdf006eacc625.tar.bz2 aports-57717bd40005bcde9547439ed69fdf006eacc625.tar.xz |
main/cacti: security fix (CVE-2015-8377). Fixes #4997
-rw-r--r-- | main/cacti/APKBUILD | 6 | ||||
-rw-r--r-- | main/cacti/CVE-2015-8377.patch | 28 |
2 files changed, 33 insertions, 1 deletions
diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD index b82a94b3e7..21f05c96e1 100644 --- a/main/cacti/APKBUILD +++ b/main/cacti/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Jeff Bilyk <jbilyk@gmail.com> pkgname=cacti pkgver=0.8.8f -pkgrel=2 +pkgrel=3 pkgdesc="Network monitoring tool based on RRDtool" url="http://www.cacti.net" arch="noarch" @@ -10,6 +10,7 @@ depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-g makedepends="" source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz CVE-2015-8369.patch + CVE-2015-8377.patch CVE-2015-8604.patch " @@ -35,10 +36,13 @@ package() { } md5sums="8d90642b362f80c46c489c5531e2ba90 cacti-0.8.8f.tar.gz aad7eea5843fe6518bd5ac2c83f4681b CVE-2015-8369.patch +8a7086b787c5cfcf95b28a093cf41e26 CVE-2015-8377.patch d2d7a561ddad59bcf4e1092c048d26c0 CVE-2015-8604.patch" sha256sums="2ea92407c11bf13302558a5bc9e1f3a57bd14a1d9ded48c505ec495762f76738 cacti-0.8.8f.tar.gz 8f6ffaa2fd7ceb929ccae471ff7e2b462d37ac62c9ce8cffde635205d0eb03d8 CVE-2015-8369.patch +ddce016291decd98a8478f32c94e1f70e55d566c4a222d65437cadbbcd012b3f CVE-2015-8377.patch 766a50cb6d14a0d03811e6332d4d46b6f6717574de370d2d6ab50c2c9b164e73 CVE-2015-8604.patch" sha512sums="b712a9f8b7bee632cb4982fed72793ac2f4d70aa042784bbd2fd3923a27901f457393aa95bbd63960187e85fe462c35e88fa3cd93e8537a3a68f94bdbf5d7f2b cacti-0.8.8f.tar.gz 1a7de23cf9937905463a2634840fa8878d650e1562565b99ae4f1e7a0200f9942ab2d9f59c7824cbadce9c2e9ee40e5639f8ac8ceba1a4d0349585583d301019 CVE-2015-8369.patch +92f9a02fac66c035aaf5947ae7109661ddb0baf9108bc8a6829515b420b2d30f416010068b871401cb0f63bc63031d8440b63e7a1d125ee0b3454cb21f3d6496 CVE-2015-8377.patch 9677039934b0ce4c42f31437591b2b1d37303e3009c5d773700ffab7e92d20183156f9ec2659bb38876f44095cc2886c0afc9cc03bd950832be2e96dc02620b1 CVE-2015-8604.patch" diff --git a/main/cacti/CVE-2015-8377.patch b/main/cacti/CVE-2015-8377.patch new file mode 100644 index 0000000000..51f52e17e3 --- /dev/null +++ b/main/cacti/CVE-2015-8377.patch @@ -0,0 +1,28 @@ +Description: SQL injection vulnerability in the host_new_graphs_save function + in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users + to execute arbitrary SQL commands via crafted serialized data in the + selected_graphs_array parameter in a save action. +Author: Chris Lamb <lamby@debian.org> and Paul Gevers <elbrus@debian.org> +Bug: http://bugs.cacti.net/view.php?id=2655 +Index: cacti/graphs_new.php +=================================================================== +--- cacti.orig/graphs_new.php ++++ cacti/graphs_new.php +@@ -183,11 +183,17 @@ function host_new_graphs_save() { + + while (list($form_id1, $form_array2) = each($form_array)) { + /* enumerate information from the arrays stored in post variables */ ++ /* ================= input validation ================= */ ++ input_validate_input_number($form_id1); ++ /* ==================================================== */ + if ($form_type == "cg") { + $graph_template_id = $form_id1; + }elseif ($form_type == "sg") { + while (list($form_id2, $form_array3) = each($form_array2)) { + $snmp_index_array = $form_array3; ++ /* ================= input validation ================= */ ++ input_validate_input_number($form_id2); ++ /* ==================================================== */ + + $snmp_query_array["snmp_query_id"] = $form_id1; + $snmp_query_array["snmp_index_on"] = get_best_data_query_index_type($_POST["host_id"], $form_id1); |