{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for cacti, cacti-spine","title":"Title of the patch"},{"category":"description","text":"This update for cacti, cacti-spine fixes the following issues:\n\ncacti-spine 1.2.22, delivering a number of bug fixes:\n\n* When polling time is exceed, spine does not always exit as expected\n* Spine logging at `-V 5` includes an extra line feed\n* Incorrect SNMP responses can cause spine to crash\n* Properly handle devices that timeout responding to the Extended Uptime\n* MariaDB can cause spine to abort prematurely despite error handling\n* Spine should log the error time when exiting via signal\n\ncacti-spine 1.2.21:\n\n* Disable DES if Net-SNMP doesn't have it\n\ncacti 1.2.22, providing one security fix, a number of bug fixes and a collection of improvements:\n\n* When creating new graphs, cross site injection is possible\n  (boo#1203952)\n* When creating user from template, multiple Domain FullName and\n  Mail are not propagated\n* Nectar Aggregate 95th emailed report broken\n* Boost may not find archive tables correctly\n* Users may be unable to change their password when forced during\n  a login\n* Net-SNMP Memory Graph Template has Wrong GPRINT\n* Search in tree view unusable on larger installations\n* Increased bulk insert size to avoid partial inserts and potential\n  data loss.\n* Call to undefined function boost_debug in Cacti log\n* When no guest template is set, login cookies are not properly set\n* Later RRDtool releases do not need to check last_update time\n* Regex filters are not always long enough\n* Domains based LDAP and AD Fullname and Email not auto-populated\n* Cacti polling and boost report the wrong number of Data Sources\n  when Devices are disabled\n* When editing Graph Template Items there are cases where VDEF's\n  are hidden when they should be shown\n* Database SSL setting lacks default value\n* Update default path cacti under *BSD by xmacan\n* Web Basic authentication not creating template user\n* Unable to change the Heartbeat of a Data Source Profile\n* Tree Search Does Not Properly Search All Trees\n* When structured paths are setup, RRDfiles may not always be\n  created when possible\n* When parsing the logs, caching would help speed up processing\n* Deprecation warnings when attempting real-time Graphs with PHP8.1\n* Custom Timespan is lost when clicking other tree branches\n* Non device based Data Sources not being polled\n* When Resource XML file inproperly formatted, graph creation can\n  fail with errors\n* Update code style to support PHP 8 requirements\n* None' shows all graphs\n* Realtime popup window experiences issues on some browsers\n* Auth settings do not always properly reflect the options selected\n  by ddb4github\n* MySQL can cause cacti to become stalled due to locking issues\n* Boost process can get hung under rare conditions until the poller\n  times out\n* Exporting graphs under PHP 8 can cause errors\n* Host table has wrong default for disabled and deleted columns\n* RRD storage paths do not scale properly\n* When importing, make it possible to only import certain\n  components\n* Update change_device script to include new features by\n  bmfmancini\n* Make help pages use latest online version wherever possible\n* Cacti should show PHP INI locations during install\n* Detect PHP INI values that are different in the INI vs running\n  config\n* Added Gradient Color support for AREA charts by thurban\n* Update CDEF functions for RRDtool\n* When boost is running, it's not clear which processes are\n  running and how long they have to complete\n\ncacti 1.2.21:\n\n* Add a CLI script to install/enable/disable/uninstall plugins\n* Add log message when purging DS stats and poller repopulate\n* A collection of bug fixes\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2022-10170","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10170-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2022:10170-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M4N2IME3ZV66JFS7PNXIVHLTVG4ZWSVC/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2022:10170-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M4N2IME3ZV66JFS7PNXIVHLTVG4ZWSVC/"},{"category":"self","summary":"SUSE Bug 1203952","url":"https://bugzilla.suse.com/1203952"}],"title":"Security update for cacti, cacti-spine","tracking":{"current_release_date":"2022-10-30T15:06:55Z","generator":{"date":"2022-10-30T15:06:55Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2022:10170-1","initial_release_date":"2022-10-30T15:06:55Z","revision_history":[{"date":"2022-10-30T15:06:55Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"cacti-spine-1.2.22-bp154.2.3.1.aarch64","product":{"name":"cacti-spine-1.2.22-bp154.2.3.1.aarch64","product_id":"cacti-spine-1.2.22-bp154.2.3.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"cacti-spine-1.2.22-bp154.2.3.1.i586","product":{"name":"cacti-spine-1.2.22-bp154.2.3.1.i586","product_id":"cacti-spine-1.2.22-bp154.2.3.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"cacti-1.2.22-bp154.2.3.1.noarch","product":{"name":"cacti-1.2.22-bp154.2.3.1.noarch","product_id":"cacti-1.2.22-bp154.2.3.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le","product":{"name":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le","product_id":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"cacti-spine-1.2.22-bp154.2.3.1.s390x","product":{"name":"cacti-spine-1.2.22-bp154.2.3.1.s390x","product_id":"cacti-spine-1.2.22-bp154.2.3.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"cacti-spine-1.2.22-bp154.2.3.1.x86_64","product":{"name":"cacti-spine-1.2.22-bp154.2.3.1.x86_64","product_id":"cacti-spine-1.2.22-bp154.2.3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Package Hub 12","product":{"name":"SUSE Package Hub 12","product_id":"SUSE Package Hub 12","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:12"}}},{"category":"product_name","name":"SUSE Package Hub 15 SP3","product":{"name":"SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3"}},{"category":"product_name","name":"SUSE Package Hub 15 SP4","product":{"name":"SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4"}},{"category":"product_name","name":"openSUSE Leap 15.3","product":{"name":"openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.3"}}},{"category":"product_name","name":"openSUSE Leap 15.4","product":{"name":"openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cacti-1.2.22-bp154.2.3.1.noarch as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:cacti-1.2.22-bp154.2.3.1.noarch"},"product_reference":"cacti-1.2.22-bp154.2.3.1.noarch","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.aarch64 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:cacti-spine-1.2.22-bp154.2.3.1.aarch64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.aarch64","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.i586 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:cacti-spine-1.2.22-bp154.2.3.1.i586"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.i586","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:cacti-spine-1.2.22-bp154.2.3.1.ppc64le"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.s390x as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:cacti-spine-1.2.22-bp154.2.3.1.s390x"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.s390x","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.x86_64 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:cacti-spine-1.2.22-bp154.2.3.1.x86_64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"cacti-1.2.22-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:cacti-1.2.22-bp154.2.3.1.noarch"},"product_reference":"cacti-1.2.22-bp154.2.3.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:cacti-spine-1.2.22-bp154.2.3.1.aarch64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:cacti-spine-1.2.22-bp154.2.3.1.i586"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.i586","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:cacti-spine-1.2.22-bp154.2.3.1.ppc64le"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:cacti-spine-1.2.22-bp154.2.3.1.s390x"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:cacti-spine-1.2.22-bp154.2.3.1.x86_64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"cacti-1.2.22-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:cacti-1.2.22-bp154.2.3.1.noarch"},"product_reference":"cacti-1.2.22-bp154.2.3.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:cacti-spine-1.2.22-bp154.2.3.1.aarch64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:cacti-spine-1.2.22-bp154.2.3.1.i586"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.i586","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:cacti-spine-1.2.22-bp154.2.3.1.ppc64le"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:cacti-spine-1.2.22-bp154.2.3.1.s390x"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:cacti-spine-1.2.22-bp154.2.3.1.x86_64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"cacti-1.2.22-bp154.2.3.1.noarch as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:cacti-1.2.22-bp154.2.3.1.noarch"},"product_reference":"cacti-1.2.22-bp154.2.3.1.noarch","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:cacti-spine-1.2.22-bp154.2.3.1.aarch64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.i586 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:cacti-spine-1.2.22-bp154.2.3.1.i586"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:cacti-spine-1.2.22-bp154.2.3.1.ppc64le"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.s390x as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:cacti-spine-1.2.22-bp154.2.3.1.s390x"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.s390x","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:cacti-spine-1.2.22-bp154.2.3.1.x86_64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"cacti-1.2.22-bp154.2.3.1.noarch as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:cacti-1.2.22-bp154.2.3.1.noarch"},"product_reference":"cacti-1.2.22-bp154.2.3.1.noarch","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:cacti-spine-1.2.22-bp154.2.3.1.aarch64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.i586 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:cacti-spine-1.2.22-bp154.2.3.1.i586"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:cacti-spine-1.2.22-bp154.2.3.1.ppc64le"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.s390x as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:cacti-spine-1.2.22-bp154.2.3.1.s390x"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.s390x","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"cacti-spine-1.2.22-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:cacti-spine-1.2.22-bp154.2.3.1.x86_64"},"product_reference":"cacti-spine-1.2.22-bp154.2.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.4"}]}}