openSUSE-SU-2022:0145-1
Security update for cacti, cacti-spine (moderate)

Date: 2022-05-24
Source: lists.opensuse.org

CVSS3: 9.8 High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

CVSS2: 6.8 Medium
AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: NETWORK; Access Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for cacti, cacti-spine fixes the following issues:

cacti-spine was updated to 1.2.20:

 * Add support for newer versions of MySQL/MariaDB
 * When checking for uptime of device, don't assume a non-response is
   always fatal
 * Fix description and command truncation issues
 * Improve spine performance when only one snmp agent port is in use

cacti-spine 1.2.19:

 * Fix issues with polling loop may skip some datasources
 * Fix ping no longer works due to hostname changes
 * Fix RRD steps are not always calculated correctly
 * Fix unable to build when DES no longer supported
 * Fix IPv6 devices are not properly parsed
 * Reduce a number of compiler warnings
 * Fix compiler warnings due to lack of return in thread_mutex_trylock
 * Fix Spine will not look at non-timeticks uptime when sysUpTimeInstance
   overflows
 * Improve performance of Cacti poller on heavily loaded systems

cacti was updated to 1.2.20:

 * Security fix for CVE-2022-0730, boo#1196692 Under certain ldap
   conditions, Cacti authentication can be bypassed with certain
   credential types.
 * Security fix: Device, Graph, Graph Template, and Graph Items may be
   vulnerable to XSS issues
 * Security fix: Lockout policies are not properly applied to LDAP and
   Domain Users
 * Security fix: When using 'remember me' option, incorrect realm may be
   selected
 * Security fix: User and Group maintenance are vulnerable to SQL attacks
 * Security fix: Color Templates are vulnerable to XSS attack
 * Features:
   * When creating a Data Source Profile, allow additional choices for
     Heartbeat
   * Change select all options to use Font Awesome icons
   * Improve spine performance by storing the total number of system
     snmp_ports in use
   * Prevent Template User Accounts from being Removed
   * When managing by users, allow filtering by Realm
   * Allow plugins to supply template account names
   * When viewing logs, additional message types should be filterable
   * When creating a Graph Template Item, allow filtering by Data Template
   * Allow language handler to be selected via UI
   * Updated Device packages for Synology, Citrix NetScaler, Cisco
     ASA/Cisco
   * Add Advanced Ping Graph Template to initial Installable templates
   * Add LDAP Debug Mode option
   * Allow Reports to include devices not on a Tree
   * Allow Basic Authentication to display custom failure message
 * Fix: When replicating data during installation/upgrade, system may
   appear to hang
 * Fix: Graph Template Items may have duplicated entries
 * Fix: Unable to Save Graph Settings
 * Fix: Script Server may crash if an OID is missing or unavailable
 * Fix: When system-wide polling is disabled, remote pollers may fail to
   sync changed settings
 * Fix: When updating poller name, duplicate name protection may be
   overzealous
 * Fix: Titles may show "Missing Datasource" incorrectly
 * Fix: Checking for MIB Cache can cause crashes
 * Fix: Polling cycles may not always complete as expected
 * Fix: When viewing graph data, non-numeric values may appear
 * Fix: Utilities view has calculation errors when there are no data
   sources
 * Fix: When editing Reports, drag and drop may not function as intended
 * Fix: When data drive is full, viewing a Graph can result in errors
 * Various other bug fixes

cacti 1.2.19:

 * Further fixes for grave character security protection (boo#1192408)
 * Fix Over aggressive escaping causing menu visibility issues on Create
   Device page
 * Add SHA256 and AES256 security levels for SNMP polling
 * Import graph template (Preview Only) shows color_id new value as a blank
   area
 * Fix Editing graphs errors due to missing sequence
 * Fix When hovering over a Tree Graph, row shows same highlighting as
   Graph Edit screen
 * Fix When RealTime is not active, console errors may appear
 * Fix race conditions may occur when multiple RRDtool processes are
   running
 * Fix errors creating graphs from templates
 * Fix errors when duplicating reports
 * Fix Boost may be blocked by overflowing poller_output table
 * Fix Template import may be blocked due to unmet dependency warnings
   with snmp ports
 * Fix Newer MySQL versions may error if committing a transaction when
   not in one
 * Fix SNMP Agent may not find a cache item
 * Fix Correct issues running under PHP 8.x
 * Fix When polling is disabled, boost may crash and create many arch
   tables
 * Fix When poller runs, memory tables may not always be present
 * Fix Timezones may sometimes be incorrectly calculated
 * Fix Allow monitoring IPv6 with interface graphs
 * Fix When a data source uses a Data Input Method, those without a
   mapping should be flagged
 * Fix When RRDfile is not yet created, errors may appear when displaying
   the graph
 * Fix Cacti missing key indexes that result in Preset pages slowdowns
 * Fix Data Sources page shows no name when Data Source has no name cache
 * Fix db_update_table function can not alter table from signed to
   unsigned
 * Fix data remains in poller_output table even if it's flushed to rrd
   files
 * Fix Parameter list for lib/database.php:db_connect_real() is not
   correct in 3 places
 * Fix Offset is a reserved word in MariaDB 10.6 affecting Report
 * Fix Rendering large trees slowed due to lack of permission caching
 * Fix Error on interpretation of snmpUtime, when too big
 * Fix Applying right axis formatting creates an error-image
 * Fix Unable to Save Graph Settings from the Graphs pages
 * Fix Graph Template Cache is nullified too often when Graph Automation
   is running
 * Fix When Adding a Data Query to a Device, no Progress Spinner is shown
 * Fix New Browser Breaks Plugins that depend on non UTC date time data
 * Fix errors when testing remote poller connectivity
 * Fix errors when renaming poller
 * Fix Removing spikes by Variance does not appear to be working beyond
   the first RRA
 * Fix LDAP API lacks timeout options leading to bad login experiences
 * Add a normal/wrap class for general use
 * Limit File Types available for Template Import operations
 * Fix Cacti does not provide an option of providing a client side
   certificate for LDAP/AD authentication
 * Support Stronger Encryption Available Starting in Net-SNMP v5.8
 * Allow Cacti to use multiple possible LDAP servers
 * Add a 15 minute polling/sampling interval
 * Provide additional admin email notifications
 * Add warnings for undesired changes to plugin hook return values
 * When creating a Graph, make testing the Data Sources optional by
   Template
 * Update phpseclib to 2.0.33
 * Update jstree.js to 3.3.12
 * Improve performance of Cacti poller on heavily loaded systems
 * MariaDB recommendations need some tuning for recent updates

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-145=1

  • SUSE Package Hub for SUSE Linux Enterprise 12:

    zypper in -t patch openSUSE-2022-145=1
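Before running the patch command, a defender usually wants to know whether the installed packages are actually below the fixed 1.2.20. The POSIX sh check below is an added example, not part of the openSUSE advisory; it assumes GNU-style `sort -V`, and the `rpm -q` output it parses is constructed inline.

```shell
#!/bin/sh
# Added example (not from the advisory): report cacti / cacti-spine packages
# that are installed and older than the fixed 1.2.20, i.e. hosts that still
# need openSUSE-2022-145. On a real host feed needs_patch the output of:
#   rpm -q --qf '%{NAME} %{VERSION}\n' cacti cacti-spine
FIXED_VERSION="1.2.20"

# version_lt A B: succeeds when version A sorts strictly before version B
# (natural sort, so 1.2.9 < 1.2.10; assumes sort supports -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# needs_patch "<rpm -q output>": prints one line per affected package that
# is older than FIXED_VERSION; returns 0 if at least one such package exists.
needs_patch() {
    found=1
    while read -r name version; do
        case "$name" in
            cacti|cacti-spine) ;;
            *) continue ;;   # skips "package X is not installed" and noise
        esac
        if version_lt "$version" "$FIXED_VERSION"; then
            echo "$name $version < $FIXED_VERSION: run zypper in -t patch openSUSE-2022-145=1"
            found=0
        fi
    done <<EOF
$1
EOF
    return $found
}

# Constructed sample: spine is already current, cacti is still at 1.2.19.
SAMPLE="cacti 1.2.19
cacti-spine 1.2.20"

needs_patch "$SAMPLE"
```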

Package List:

  • openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64)
  • openSUSE Backports SLE-15-SP3 (noarch)
  • SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64)