Bug 14050

Summary:	[CVE21] Cacti 1.2.22 CVEs
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	major
Priority:	Highest	CC:	a.proklov, m.novosyolov
Version:	All	Flags:	v.potapov: secteam_verified+
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-11-28 15:38:06 MSK

CVE-2023-39362
https://nvd.nist.gov/vuln/detail/CVE-2023-39362

Base Score: 7.2 HIGH

Comment 1 Vladimir Potapov 2023-11-28 15:38:35 MSK

Есть exploit

Comment 2 Mikhail Novosyolov 2023-11-29 00:10:54 MSK

Убираю cacti с сертифицированного диска rosa2021.15. Его можно руками поставить легко.
https://abf.io/soft/rosa-repo-image/commit/420a1f1734dc258f9c176caf68ac8cd899a1d618
Пакет из contrib.

Comment 3 Vladimir Potapov 2023-11-29 11:25:52 MSK

Но это не значит, что вообще исправлять не нужно. Нужно, но менее срочно
https://nvd.nist.gov/vuln/detail/CVE-2023-31132 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39511 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39512 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39513 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39514 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39516 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39358 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39359 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-39365 Exploit
https://nvd.nist.gov/vuln/detail/CVE-2023-30534 Exploit

Comment 4 Aleksandr Proklov 2023-11-30 02:50:58 MSK

обновлен в контрибе до версии 1.2.25 в платформах 2021.1, 2021.15, 2023.1