Hello community, here is the log from the commit of package cacti for openSUSE:Factory checked in at 2014-04-14 12:25:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cacti (Old) and /work/SRC/openSUSE:Factory/.cacti.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti"
Changes:
--------
--- /work/SRC/openSUSE:Factory/cacti/cacti.changes 2014-04-13 13:14:50.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.cacti.new/cacti.changes 2014-04-14 12:25:49.000000000 +0200
@@ -1,0 +2,17 @@
+Sun Apr 13 20:21:53 UTC 2014 - [email protected]
+
+- Add cacti-0.8.8b_security.patch:
+ - Fixes [bnc#870821]:
+ - CVE-2014-2326: Unspecified HTML Injection Vulnerability
+ - Fixes CVE-2014-2328:
+ - Unspecified Remote Command Execution Vulnerability
+ - Fixes [bnc#872008]:
+ - CVE-2014-2708: Unspecified SQL Injection Vulnerability
+ - CVE-2014-2709: Unspecified Remote Command Execution Vulnerability
+
+- Add cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch:
+ - Fixes [bnc#837440]:
+ - CVE-2013-5588: HTML Injection Vulnerability
+ - CVE-2013-5589: SQL Injection Vulnerability
+
+-------------------------------------------------------------------
New:
----
cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch
cacti-0.8.8b_security.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cacti.spec ++++++
--- /var/tmp/diff_new_pack.ECNrQG/_old 2014-04-14 12:25:50.000000000 +0200
+++ /var/tmp/diff_new_pack.ECNrQG/_new 2014-04-14 12:25:50.000000000 +0200
@@ -35,6 +35,10 @@
 Patch0: %{name}-%{version}-cacti-log-path.patch
 # PATCH-FIX-OPENSUSE cacti-0.8.8-cacti-script.patch
 Patch1: %{name}-%{version}-cacti-script.patch
+# PATCH-FIX-OPENSUSE cacti-0.8.8b_security.patch -- Fix security issues
+Patch2: cacti-0.8.8b_security.patch
+# PATCH-FIX-OPENSUSE cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch
+Patch3: cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch
 Provides: cacti-system
 %if 0%{?suse_version}
 BuildRequires: apache2-devel
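Review bot: The two new `# PATCH-FIX-OPENSUSE` comment lines carry none of the bug or CVE references that the changelog hunk above lists, so the spec on its own does not say which issues each patch closes. Both patches look like backports of upstream cacti fixes rather than openSUSE-specific changes (the second one uses `cacti/branches/0.8.8/` svn paths), in which case the customary tag would be `PATCH-FIX-UPSTREAM`; I cannot confirm provenance from this log. Suggested: `# PATCH-FIX-UPSTREAM cacti-0.8.8b_security.patch -- bnc#870821 bnc#872008 CVE-2014-2326 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709` and `# PATCH-FIX-UPSTREAM cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch -- bnc#837440 CVE-2013-5588 CVE-2013-5589`.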
@@ -103,6 +107,8 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p3
 %build
 #nothing to build
++++++ cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch ++++++
--- cacti/branches/0.8.8/host.php 2013/08/13 19:34:11 7419
+++ cacti/branches/0.8.8/host.php 2013/08/18 03:41:24 7420
@@ -149,6 +149,9 @@
 if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) {
 raise_message(4);
 }else{
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("host_template_id"));
+
 $host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"],
 trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"],
 $_POST["snmp_username"], $_POST["snmp_password"],
--- cacti/branches/0.8.8/install/index.php 2013/08/13 19:34:11 7419
+++ cacti/branches/0.8.8/install/index.php 2013/08/18 03:41:24 7420
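Review bot: The added `input_validate_input_number(get_request_var_post("id"))` checks a value read through `get_request_var_post`, but the `api_device_save(...)` call on the following context line still passes the raw `$_POST["id"]` and `$_POST["host_template_id"]`; if that helper applies any normalisation (its definition is not in this hunk) the checked value and the saved value can differ. Using the same accessor on both lines, `$host_id = api_device_save(get_request_var_post("id"), get_request_var_post("host_template_id"), $_POST["description"],`, keeps the check and the use on one path. Whether `input_validate_input_number` aborts the request or only logs on a non-numeric value is not visible here and decides whether the save line is reachable with a bad id; a comment such as `/* aborts the request on a non-numeric id/host_template_id before the save */` would record that, if it is the behaviour. The enclosing form handler starts and ends outside the hunk.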
@@ -310,27 +310,28 @@
 }
 /* pre-processing that needs to be done for each step */
-if (empty($_REQUEST["step"])) {
- $_REQUEST["step"] = 1;
-}else{
- if ($_REQUEST["step"] == "1") {
- $_REQUEST["step"] = "2";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) {
- $_REQUEST["step"] = "3";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) {
- $_REQUEST["step"] = "8";
- }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
- $_REQUEST["step"] = "9";
- }elseif ($_REQUEST["step"] == "8") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "9") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "3") {
- $_REQUEST["step"] = "4";
+if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) {
+ $step = intval($_REQUEST["step"]);
+ if ($step == "1") {
+ $step = "2";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) {
+ $step = "3";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) {
+ $step = "8";
+ } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
+ $step = "9";
+ } elseif ($step == "8") {
+ $step = "3";
+ } elseif ($step == "9") {
+ $step = "3";
+ } elseif ($step == "3") {
+ $step = "4";
 }
+} else {
+ $step = 1;
 }
-if ($_REQUEST["step"] == "4") {
+if ($step == "4") {
 include_once("../lib/data_query.php");
 include_once("../lib/utility.php");
@@ -366,7 +367,7 @@
 header ("Location: ../index.php");
 exit;
-}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) {
+}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) {
 /* if the version is not found, die */
 if (!is_int($old_version_index)) {
 print " <p style='font-family: Verdana, Arial; font-size: 16px; font-weight: bold; color: red;'>Error</p>
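Review bot: `$step` is produced by `intval()` on the second added line but is then overwritten with string literals (`$step = "2";`) and compared with `==` against strings, so its type depends on which branch ran; the later `print $step` in the hidden-field hunk is only safe because every possible value is either the intval result or one of these literals. The guard `$_REQUEST["step"] > 0` also compares the raw request value before conversion, and PHP's loose comparison rules for non-numeric strings and arrays against 0 differ from what `intval()` yields on the next line. Converting first and staying on integers, `$step = isset($_REQUEST["step"]) ? intval($_REQUEST["step"]) : 0;` then `if ($step > 0) {` with `$step = 2;` in the branches, keeps the state machine on one type. A value that matches no branch (e.g. 5) leaves `$step` at the raw number; whether the rendering chain handles that is outside the hunk.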
@@ -505,7 +506,7 @@
 </tr>
 <tr>
 <td width="100%" style="font-size: 12px;">
- <?php if ($_REQUEST["step"] == "1") { ?>
+ <?php if ($step == "1") { ?>
 <p>Thanks for taking the time to download and install cacti, the complete graphing solution for your network. Before you can start making cool graphs, there are a few
@@ -530,7 +531,7 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.</p>
- <?php }elseif ($_REQUEST["step"] == "2") { ?>
+ <?php }elseif ($step == "2") { ?>
 <p>Please select the type of installation</p>
@@ -551,7 +552,7 @@
 print "Server Operating System Type: " . $config["cacti_server_os"] . "<br>";
 ?>
 </p>
- <?php }elseif ($_REQUEST["step"] == "3") { ?>
+ <?php }elseif ($step == "3") { ?>
 <p>Make sure all of these values are correct before continuing.</p>
 <?php
@@ -609,7 +610,7 @@
 is an upgrade. You can change any of the settings on this screen at a later time by going to "Cacti Settings" from within Cacti.</p>
- <?php }elseif ($_REQUEST["step"] == "8") { ?>
+ <?php }elseif ($step == "8") { ?>
 <p>Upgrade results:</p>
@@ -659,7 +660,7 @@
 print $upgrade_results;
 ?>
- <?php }elseif ($_REQUEST["step"] == "9") { ?>
+ <?php }elseif ($step == "9") { ?>
 <p style='font-size: 16px; font-weight: bold; color: red;'>Important Upgrade Notice</p>
@@ -673,7 +674,7 @@
 <?php }?>
- <p align="right"><input type="image" src="install_<?php if ($_REQUEST["step"] == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($_REQUEST["step"] == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
+ <p align="right"><input type="image" src="install_<?php if ($step == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($step == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
 </td>
 </tr>
 </table>
@@ -681,7 +682,7 @@
 </tr>
 </table>
-<input type="hidden" name="step" value="<?php print $_REQUEST["step"];?>">
+<input type="hidden" name="step" value="<?php print $step;?>">
 </form>
--- cacti/branches/0.8.8/lib/api_device.php 2013/08/13 19:34:11 7419
+++ cacti/branches/0.8.8/lib/api_device.php 2013/08/18 03:41:24 7420
@@ -107,7 +107,7 @@
 $_host_template_id = db_fetch_cell("select host_template_id from host where id=$id");
 }
- $save["id"] = $id;
+ $save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3);
 $save["host_template_id"] = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3);
 $save["description"] = form_input_validate($description, "description", "", false, 3);
 $save["hostname"] = form_input_validate(trim($hostname), "hostname", "", false, 3);
++++++ cacti-0.8.8b_security.patch ++++++
diff -ruBbd cacti-0.8.8b/cdef.php cacti-0.8.8b.patched/cdef.php
--- cacti-0.8.8b/cdef.php 2013-08-06 22:31:19.000000000 -0400
+++ cacti-0.8.8b.patched/cdef.php 2014-04-04 21:39:04.000000000 -0400
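Review bot: The validation of `$id` on the added line runs after the first context line of the `api_device.php` hunk, `db_fetch_cell("select host_template_id from host where id=$id")`, has already interpolated the raw `$id` into SQL; whether that query is reached depends on the condition whose closing brace is the second context line, and that condition starts outside the hunk. Validating `$id` as the first statement of `api_device_save` (its signature is outside the hunk) so that every use sees a checked value, while keeping `$save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3);` for the save path, closes that gap. What the trailing `false, 3` arguments of `form_input_validate` mean is not visible here; a short comment on the line, e.g. `/* id must be all digits; a failed match rejects the save */`, would help readers, if that is its behaviour.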
@@ -431,7 +431,7 @@
 <a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
 </td>
 <td>
- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
 </td>
 <td>
 <a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>
diff -ruBbd cacti-0.8.8b/graph_xport.php cacti-0.8.8b.patched/graph_xport.php
--- cacti-0.8.8b/graph_xport.php 2013-08-06 22:31:19.000000000 -0400
+++ cacti-0.8.8b.patched/graph_xport.php 2014-04-04 21:39:04.000000000 -0400
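Review bot: On the changed line only the `get_cdef_item_name(...)` result is now wrapped in `htmlspecialchars()`, while `$cdef_item_types[$cdef_item_type]` printed inside the `<em>` on the same line is still emitted raw. If that array is the fixed label table (it is defined outside the hunk, so I cannot confirm), the asymmetry is harmless but deserves a note such as `<?php /* $cdef_item_types is a static label table, no escaping needed */ ?>`; if its values can come from the database it should be escaped the same way, `print htmlspecialchars($cdef_item_types[$cdef_item_type]);`.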
@@ -47,43 +47,48 @@
 $graph_data_array = array();
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_number(get_request_var("rra_id"));
+/* ==================================================== */
+
 /* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
- $graph_data_array["graph_start"] = $_GET["graph_start"];
+if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)) {
+ $graph_data_array["graph_start"] = get_request_var("graph_start");
 }
 /* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
- $graph_data_array["graph_end"] = $_GET["graph_end"];
+if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
+ $graph_data_array["graph_end"] = get_request_var("graph_end");
 }
 /* override: graph height (in pixels) */
-if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
- $graph_data_array["graph_height"] = $_GET["graph_height"];
+if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
+ $graph_data_array["graph_height"] = get_request_var("graph_height");
 }
 /* override: graph width (in pixels) */
-if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
- $graph_data_array["graph_width"] = $_GET["graph_width"];
+if (!empty($_GET["graph_width"]) && is_numeric($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
+ $graph_data_array["graph_width"] = get_request_var("graph_width");
 }
 /* override: skip drawing the legend? */
 if (!empty($_GET["graph_nolegend"])) {
- $graph_data_array["graph_nolegend"] = $_GET["graph_nolegend"];
+ $graph_data_array["graph_nolegend"] = get_request_var("graph_nolegend");
 }
 /* print RRDTool graph source?
*/
 if (!empty($_GET["show_source"])) {
- $graph_data_array["print_source"] = $_GET["show_source"];
+ $graph_data_array["print_source"] = get_request_var("show_source");
 }
-$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . $_REQUEST["local_graph_id"] . "'");
+$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . get_request_var("local_graph_id") . "'");
 /* for bandwidth, NThPercentile */
 $xport_meta = array();
 /* Get graph export */
-$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array, $xport_meta);
+$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], get_request_var("rra_id"), $graph_data_array, $xport_meta);
 /* Make graph title the suggested file name */
 if (is_array($xport_array["meta"])) {
diff -ruBbd cacti-0.8.8b/lib/graph_export.php cacti-0.8.8b.patched/lib/graph_export.php
--- cacti-0.8.8b/lib/graph_export.php 2013-08-06 22:31:19.000000000 -0400
+++ cacti-0.8.8b.patched/lib/graph_export.php 2014-04-04 21:39:05.000000000 -0400
@@ -339,7 +339,7 @@
 chdir($stExportDir);
 /* set the initial command structure */
- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
 /* if the user requested passive mode, use it */
 if ($aFtpExport['passive']) {
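Review bot: The `graph_start` override has its closing parenthesis in the wrong place: `is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)` hands a boolean to `is_numeric()`, which is false for both `true` and `false`, so that branch can never run and a supplied `graph_start` is silently ignored, while the `graph_end`, `graph_height` and `graph_width` overrides show the intended form. It should read `if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {`. Further down, the `rrdtool_function_xport(...)` call still passes `$_GET["local_graph_id"]` although the value checked by `input_validate_input_number` was read through `get_request_var("local_graph_id")`; if the two accessors can return different values (not visible here) the checked and the used value diverge, so `get_request_var("local_graph_id")` belongs there too, as the `db_fetch_row(...)` line already does. That query still builds its SQL by concatenation and relies entirely on the number check at the top of the hunk; a comment on that check, `/* local_graph_id and rra_id must be numeric: both are concatenated into SQL and rrdtool arguments below */`, would record the dependency.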
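Review bot: With the added quoting the username and password can no longer break out of the command string, but they still travel on the `ncftpput` command line, where the process list exposes them to other local users for the duration of the transfer. `ncftpput` can read host, user and password from a file given with `-f`, which would let this code write a mode-0600 login file and pass its path instead of the `-u`/`-p` pair; that is a larger change than this backport, so at minimum a comment such as `/* credentials are shell-escaped but remain visible in argv; see ncftpput -f for a file-based alternative */` should record the residual exposure. The function containing this line starts and ends outside the hunk.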
@@ -347,7 +347,7 @@
 }
 /* setup the port, server, remote directory and all files */
- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
 /* run the command */
 $iExecuteReturns = 0;
diff -ruBbd cacti-0.8.8b/lib/rrd.php cacti-0.8.8b.patched/lib/rrd.php
--- cacti-0.8.8b/lib/rrd.php 2013-08-06 22:31:18.000000000 -0400
+++ cacti-0.8.8b.patched/lib/rrd.php 2014-04-04 21:39:04.000000000 -0400
@@ -865,13 +865,13 @@
 /* basic graph options */
 $graph_opts .= "--imgformat=" . $image_types{$graph["image_format_id"]} . RRD_NL .
- "--start=$graph_start" . RRD_NL .
- "--end=$graph_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($graph_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($graph_end) . RRD_NL .
 "--title=" . cacti_escapeshellarg($graph["title_cache"]) . RRD_NL .
 "$rigid" .
- "--base=" . $graph["base_value"] . RRD_NL .
- "--height=$graph_height" . RRD_NL .
- "--width=$graph_width" . RRD_NL .
+ "--base=" . cacti_escapeshellarg($graph["base_value"]) . RRD_NL .
+ "--height=" . cacti_escapeshellarg($graph_height) . RRD_NL .
+ "--width=" . cacti_escapeshellarg($graph_width) . RRD_NL .
 "$scale" .
 "$unit_value" .
 "$unit_exponent_value" .
@@ -1606,8 +1606,8 @@
 /* basic export options */
 $xport_opts =
- "--start=$xport_start" . RRD_NL .
- "--end=$xport_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($xport_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($xport_end) . RRD_NL .
 "--maxrows=10000" . RRD_NL;
 $xport_defs = "";
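Review bot: In the `@@ -865` hunk the numeric graph options are now quoted, but the context lines of the same concatenation still interpolate `"$rigid"`, `"$scale"`, `"$unit_value"` and `"$unit_exponent_value"` verbatim, and the `--imgformat=` fragment inserts `$image_types{...}` raw. Those strings are assembled above the hunk, so I cannot tell whether they already pass through `cacti_escapeshellarg()` where they are built; if they do not, they are the remaining unquoted inputs to this rrdtool command line. A comment at the place where `$scale` and `$unit_value` are built, stating that escaping happens there, would make the quoting policy for `$graph_opts` checkable in one place; the `@@ -1606` hunk has no such leftovers, its only neighbour being the literal `--maxrows=10000`.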
@@ -1997,7 +1997,7 @@
 $stacked_columns["col" . $j] = ($graph_item_types{$xport_item["graph_type_id"]} == "STACK") ? 1 : 0;
 $j++;
- $txt_xport_items .= "XPORT:" . $data_source_name . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
+ $txt_xport_items .= "XPORT:" . cacti_escapeshellarg($data_source_name) . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
 }else{
 $need_rrd_nl = FALSE;
 }
-- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
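Review bot: `$data_source_name` is now wrapped in `cacti_escapeshellarg()`, but unlike `$legend_name` on the same line its colons are not removed, and the XPORT token is colon-delimited, so a name containing `:` would still shift the fields even though it can no longer reach the shell. Either treat both operands the same way, `"XPORT:" . str_replace(":", "", cacti_escapeshellarg($data_source_name)) . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;`, or add a comment explaining why the name needs no colon stripping (for instance because it is generated internally, which I cannot confirm from this hunk). The quoted name must also still match the name used in the matching DEF line built elsewhere; the surrounding loop and its function start and end outside the hunk.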
