ALAS-2017-904


Amazon Linux 1 Security Advisory: ALAS-2017-904
Advisory Release Date: 2017-10-02 16:54 Pacific
Advisory Updated Date: 2017-10-02 22:00 Pacific
Severity: Medium

Issue Overview:

A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. (CVE-2017-12927)

The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user. (CVE-2017-12978)


Affected Packages:

cacti


Issue Correction:
Run yum update cacti to update your system.

New Packages:
noarch:
    cacti-1.1.19-1.17.amzn1.noarch

src:
    cacti-1.1.19-1.17.amzn1.src