Cacti bug#0002405 includes fixes for SQL injection and shell escaping (which could lead to arbitrary command execution). Fixes are available from:
http://svn.cacti.net/viewvc?view=rev&revision=7439
CVE-2014-2708 is for the SQL injection issues in graph_xport.php.
CVE-2014-2709 is for the shell escaping issues in lib/rrd.php.
References:
http://seclists.org/oss-sec/2014/q2/15
Created cacti tracking bugs for this issue:
Affects: fedora-all [bug 1084259]
Affects: epel-all [bug 1084260]
cacti-0.8.8b-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-5.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.