-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:184 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cacti Date : September 17, 2007 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3112 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3113 _______________________________________________________________________ Updated Packages: Corporate 4.0: 0c6f53c1812f0a5e8e5ae5206812dee4 corporate/4.0/i586/cacti-0.8.6f-3.2.20060mlcs4.noarch.rpm a2a965f19a5e7071c30963026f4841bc corporate/4.0/SRPMS/cacti-0.8.6f-3.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 546c9a6b1e489ae63994efe8060f6e7a corporate/4.0/x86_64/cacti-0.8.6f-3.2.20060mlcs4.noarch.rpm a2a965f19a5e7071c30963026f4841bc corporate/4.0/SRPMS/cacti-0.8.6f-3.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFG7tK/mqjQ0CJFipgRAn3AAKCVaPuTwsehGrGgP1ZOidjj7x8DlwCfWesJ jwCO+qnEsfe435TT+HCFLTw= =Ek9h -----END PGP SIGNATURE-----