This update for cacti, cacti-spine fixes the following issues:
cacti-spine 1.2.25:
- Spine should see if script to be executed is executable
- Enhance number recognition
- When polling devices, sort by larger number of items first
- Log format may be corrupted when timeout occurs
- Compile warning appears due to GCC flag on RHEL7/RHEL8
- Downed device detection only checks one of the two uptime OIDs
- Compile error appears due to execinfo.h on FreeBSD
- Bootstrap shell script contains some PHP cruft
- Padding is not always removed from the start of non-numeric strings
- Improve SNMP result handling for non-numeric results
- Further improve SNMP result handling for non-numeric results
- Remove check for the max_oids column which has been present since Cacti v1.0
- Minimize Sorting when fetching poller records for maximum performance
cacti-spine 1.2.24:
- Fix segfault when ignoring older OIDs
cacti 1.2.25:
- CVE-2023-30534: Protect against Insecure deserialization of filter data (boo#1215082)
- CVE-2023-39360: Cross-Site Scripting vulnerability when creating new graphs (boo#1215044)
- CVE-2023-39361: Unauthenticated SQL Injection when viewing graphs (boo#1215045)
- CVE-2023-39357: SQL Injection when saving data with sql_save() (boo#1215040)
- CVE-2023-39362: Authenticated command injection when using SNMP options (boo#1215047)
- CVE-2023-39359: Authenticated SQL injection vulnerability when managing graphs (boo#1215043)
- CVE-2023-39358: Authenticated SQL injection vulnerability when managing reports (boo#1215042)
- CVE-2023-39365: SQL Injection when using regular expressions (boo#1215051)
- CVE-2023-39364: redirect in change password functionality (boo#1215050)
- CVE-2023-39366: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215052)
- CVE-2023-39510: Cross-Site Scripting vulnerability with Device Name when administrating Reports (boo#1215053)
- CVE-2023-39511:...