--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-e016baf8b3
2020-02-25 01:45:54.997901
--------------------------------------------------------------------------------
Name : cacti
Product : Fedora EPEL 8
Version : 1.2.9
Release : 1.el8
URL : https://www.cacti.net/
Summary : An rrd based graphing tool
Description :
Cacti is a complete frontend to RRDTool. It stores all of the
necessary information to create graphs and populate them with
data in a MySQL database. The frontend is completely PHP
driven.
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.9 - CVE-2020-7106, CVE-2020-7237
- Release notes: https://www.cacti.net/release_notes.php?version=1.2.9
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 10 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.9-1
- Update to 1.2.9
- CVE-2020-7106, CVE-2020-7237
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Dec 11 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.8-1
- Update to 1.2.8
- CVE-2019-17357, CVE-2019-17358, CVE-2019-16723
* Sat Nov 30 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.7-1
- Update to 1.2.7
* Tue Sep 3 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.6-1
- Update to 1.2.6
* Thu Aug 22 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.5-4
- Don't require php-imap
* Sat Aug 3 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.5-3
- Require mariadb instead of mysql
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Jul 20 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.5-1
- Update to 1.2.5
* Sat Jun 8 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.4-1
- Update to 1.2.4
* Sun Mar 31 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.3-1
- Update to 1.2.3
* Mon Feb 25 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.2-1
- Update to 1.2.2
- SELinux improvements
- Packaging improvements
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 21 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.1-1
- Update to 1.2.1
* Sun Jan 6 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.0-2
- Spec file improvements
- Updated PHP libs/extensions
* Thu Jan 3 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.0-1
- Update to 1.2.0
- Provide nginx support
* Mon Dec 3 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.38-4
- Spec file improvements
- Updated logrotation settings
- Removed cacti user
- Changed rra file ownership to apache #1454755
* Wed Jul 25 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.38-3
- Fix for https://github.com/Cacti/cacti/issues/1634
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.38-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 16 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.38-1
- Update to 1.1.38
* Mon Mar 26 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.37-1
- Update to 1.1.37
* Mon Feb 26 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.36-1
- Update to 1.1.36
* Tue Feb 13 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.35-1
- Update to 1.1.35
* Tue Feb 6 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.34-1
- Update to 1.1.34
* Wed Jan 24 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.33-1
- Update to 1.1.33
* Sun Nov 19 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.28-1
- Update to 1.1.28
- CVE-2017-16641, CVE-2017-16660, CVE-2017-16661, CVE-2017-16785
* Mon Oct 23 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.27-1
- Update to 1.1.27
* Tue Oct 17 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.26-1
- Update to 1.1.26
- CVE-2017-15194
* Mon Sep 18 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.24-1
- Update to 1.1.24
* Tue Sep 5 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.21-1
- Update to 1.1.21
* Mon Aug 21 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.19-1
- Update to 1.1.19
* Sun Aug 13 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.17-1
- Update to 1.1.17
* Sun Jul 30 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.16-1
- Update to 1.1.16
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Jul 25 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.15-1
- Update to 1.1.15
* Mon Jul 24 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.14-1
- Update to 1.1.14
* Fri Jul 14 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.13-1
- Update to 1.1.13
* Thu Jul 6 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.12-2
- Fix Cross-site Scripting (XSS) issue with link.php
* Wed Jul 5 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.12-1
- Update to 1.1.12
* Tue Jul 4 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.11-1
- Update to 1.1.11
* Mon Jun 12 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.10-1
- Update to 1.1.10
* Mon May 22 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.7-1
- Update to 1.1.7
* Sat May 13 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.6-2
- Fix PHP requirements
- Cacti db access not compatible with PHP 7 (#1450578)
* Mon May 8 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.6-1
- Update to 1.1.6
* Wed Apr 26 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.5-1
- Update to 1.1.5
* Mon Apr 24 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.4-1
- Update to 1.1.4
* Sun Apr 16 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.3-1
- Update to 1.1.3
* Wed Apr 12 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.2-2
- Work with several MySQL variants (#1440755)
* Mon Apr 3 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.2-1
- Update to 1.1.2
* Tue Mar 28 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.1-1
- Update to 1.1.1
* Mon Mar 20 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.1.0-1
- Update to 1.1.0
* Wed Mar 15 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.0.6-1
- Update to 1.0.6
* Mon Mar 13 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.0.5-1
- Update to 1.0.5
- Logfile improvements
- Added php-gd and php-process as dependency (#1430893)
* Mon Feb 27 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.0.4-1
- Update to 1.0.4
* Sat Feb 18 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.0.3-2
- Cacti 1.0.x spec file improvements
* Thu Feb 16 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.0.3-1
- Update to 1.0.3
* Sun Feb 12 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 1.0.2-1
- Update to 1.0.2
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.8h-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Jan 18 2017 Morten Stevens <mstevens(a)fedoraproject.org> - 0.8.8h-3
- Fixes for PHP7 backported from Arch Linux (#1390770)
* Tue Jun 28 2016 Jon Ciesla <limburgher(a)gmail.com> - 0.8.8h-2
- php7 Requires fix.
* Mon May 9 2016 Morten Stevens <mstevens(a)fedoraproject.org> - 0.8.8h-1
- Update to 0.8.8h
- CVE-2016-3659
* Fri Apr 15 2016 Morten Stevens <mstevens(a)fedoraproject.org> - 0.8.8g-1
- Update to 0.8.8g
- Improve spec file (#1302904)
* Fri Jan 29 2016 Morten Stevens <mstevens(a)fedoraproject.org> - 0.8.8f-2
- CVE-2015-8369: SQL Injection vulnerability in graph.php
- CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
- CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php
* Fri Jan 29 2016 Morten Stevens <mstevens(a)fedoraproject.org> - 0.8.8f-1
- Update to 0.8.8f
* Fri Jun 27 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8b-7
- Patches for CVE-2014-4002 Cross-site scripting vulnerability (RHBZ #1113035)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.8b-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Apr 7 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8b-5
- Patch for CVE-2014-2708 SQL injection issues in graph_xport.php (RHBZ #1084258)
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php (RHBZ #1084258)
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
- Patch for CVE-2014-2328 use of exec-like function calls without safety checks allow arbitrary command execution (RHBZ #1082122)
* Fri Feb 7 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8b-4
- Move cron to a separate file and require crontabs (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Update for systemd (RHBZ #947047). Thanks Jóhann B. Guðmundsson.
- Fix rpmlint warning about spaces-to-tabs
* Wed Sep 4 2013 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8b-3
- Fix comments in thumbnails (BZ #1004550)
* Mon Aug 26 2013 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8b-2
- Patch for CVE-2013-5588 and CVE-2013-5589 (BZ #1000860)
* Wed Aug 7 2013 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8b-1
- New upstream release (BZ #993042)
* Mon Jul 29 2013 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8a-9
- Use %{_pkgdocdir}, per https://fedoraproject.org/wiki/Changes/UnversionedDocdirs
* Sun Jul 14 2013 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8a-8
- Improve security description in cacti's httpd conf (RHBZ #895823)
- Use improved treeview replacement patch (RHBZ #888207)
- rpmlint fixes
- trim RPM changelog
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.8a-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Jan 8 2013 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8a-6
- Add note to README.fedora about the default MySQL password
- Remove reference to "docs/INSTALL" in README.fedora (RHBZ #893122)
- Add dependency on net-snmp-utils (RHBZ #893150)
* Fri Jan 4 2013 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8a-5
- Install our README file as README.fedora
* Fri Jan 4 2013 Tom Callaway <spot(a)fedoraproject.org> - 0.8.8a-4
- remove non-free treeview bits (replace with jquery future code from 0.8.9 trunk)
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.8a-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jun 28 2012 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8a-2
- Add plugins directory (BZ #834355)
- Drop Fedora 15 (EOL) from logrotate syntax adjustment
* Mon Apr 30 2012 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8a-1
- New upstream release (BZ #817506)
- Drop upstreamed $url_path patch
* Wed Apr 11 2012 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8-3
- Patch $url_path to default to "/cacti/" (upstream bug 2217)
* Fri Apr 6 2012 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8-2
- Adjust httpd ACL conditionals to test the presence of mod_authz_core (as discussed on fedora-devel)
* Wed Apr 4 2012 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.8-1
- New upstream release (BZ #809753).
* Mon Mar 26 2012 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7i-4
- Adjust ACLs to support httpd 2.4.
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.7i-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 13 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7i-2
- Only set "su" logrotate parameter for F16 and above.
- Tweak mod_security rules.
* Mon Dec 12 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7i-1
- New upstream release (BZ #766573).
* Fri Nov 11 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7h-2
- block HTTP access to log and rra directories (#609856)
- overrides for mod_security
- set logrotate to su to cacti apache when rotating (#753079)
* Thu Oct 27 2011 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 0.8.7h-1
- New upstream release.
- Remove upstream'd mysql patch.
* Mon Aug 8 2011 Jon Ciesla <limb(a)jcomserv.net> - 0.8.7g-3
- Patch for MySQL 5.5, BZ 728513.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.7g-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jul 12 2010 Mike McGrath <mmcgrath(a)redhat.com> 0.8.7g-1
- Upstream released new version
* Mon May 24 2010 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7f-1
- Upstream released new version
- Contains security updates #595289
* Fri Apr 23 2010 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7e-4
- Pulling in patches from upstream
- SQL injection fix
- BZ #541279
* Tue Dec 1 2009 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7e-3
- Pulling in some official patches
- #541279
- #541962
* Sun Aug 16 2009 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7e-1
- Upstream released new version
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.7d-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Mar 31 2009 Michael Schwendt <mschwendt(a)fedoraproject.org> - 0.8.7d-3
- Fix unowned cli directory (#473631)
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.7d-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sat Feb 21 2009 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7d-1
- Upstream released new version
* Mon Jul 28 2008 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7b-4
- Added cli directory
* Fri Jul 18 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0.8.7b-3
- fix my own mistake in the license tag
* Tue Jul 15 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0.8.7b-2
- fix license tag
* Thu Feb 14 2008 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7b-1
- Upstream released new version
* Fri Nov 23 2007 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7a-2
- db.php is now 640 instead of 660 - #396331
* Tue Nov 20 2007 Mike McGrath <mmcgrath(a)redhat.com> - 0.8.7a-1
- Upstream released new version
- Fixes for bug #391691 - CVE-2007-6035
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1798187 - CVE-2020-7237 cacti: remote code execution due to input validation in Performance Boost Debug Log
https://bugzilla.redhat.com/show_bug.cgi?id=1798187
[ 2 ] Bug #1786609 - CVE-2019-17358 cacti: unsafe deserialization of user-controlled data
https://bugzilla.redhat.com/show_bug.cgi?id=1786609
[ 3 ] Bug #1796208 - CVE-2020-7106 cacti: XSS due to lack of escaping on some pages
https://bugzilla.redhat.com/show_bug.cgi?id=1796208
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update cacti' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------