===================================================================== CERT-Renater Note d'Information No. 2007/VULN446 _____________________________________________________________________ DATE : 20/11/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Cacti. ====================================================================== The Cacti Group is proud to announce the release Cacti 0.8.7a. This new version resolves some outstanding issues that where identified after the release of Cacti 0.8.7. In versions of Cacti 0.8.7 and 0.8.6j a SQL injection security issue was identified and resolved. Patches are available for those of you running Cacti 0.8.7 and 0.8.6j. Patches can be downloaded from http://www.cacti.net/download_patches.php by clicking on the appropriate version of Cacti. Visit http://www.cacti.net to download Cacti. The following features included in 0.8.7a: Important Security Fixes * Possible SQL injection issue was resolved. Important Bug Fixes * Additional support for RRDTool graph minimum and maximum Y-axis limits added for RRDTool 1.2.x. * Support for opacity and alpha added for RRDTool 1.2.x. * Support for si units with logarithmic scaling added for RRDtool 1.2.x * Fixed issues with cron interval detection that was causing issues with polling intervals less than 5 minutes. * User manager now allows usernames with spaces and dashes. Regards, The Cacti Group Ian Berry, Larry Adams, Tony Roman, J.P. Pasnak, Jimmy Conner, Reinhard Scheck ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================