Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
dwhitfield
Former Nagios Staff
Posts: 4583 Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:
Post
by dwhitfield » Thu Jan 12, 2017 10:39 am
peterooney wrote:
I'm using Nagios 4.0.8 - could THAT be the problem?
I don't see anything in the change logs of Core or NRPE to suggest upgrading will fix anything, but the following suggests you should upgrade
* Fixed another root privilege escalation (CVE-2016-9566)
* Fixed a root privilege escalation (CVE-2016-8641)
* Fixed vulnerability CVE-2008-4796 (John Frickson)
* Fixed vulnerability CVE-2013-4214 (John Frickson)
* web interface vulnerable to Cross-Site Request Forgery attacks (John Frickson)
Did you install from distro repos or compile from source? If you compiled from source:
https://assets.nagios.com/downloads/nag ... ading.html
If we are hitting some sort of bug in Windows compatibility, we should make sure it exists in the latest version anyway.
neworderfac33
Posts: 329 Joined: Fri Jul 24, 2015 11:04 am
Post
by neworderfac33 » Fri Jan 13, 2017 12:08 pm
Good afternoon, folks - I've just been given authorisation for a new Nagios server with 4.2.2 on it, so I'll address this when I have that built.
Have a good weekend, all.
Pete
dwhitfield
Former Nagios Staff
Posts: 4583 Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:
Post
by dwhitfield » Fri Jan 13, 2017 12:14 pm
Is there any reason they didn't give auth for 4.2.4? Both 4.2.3 and 4.2.4 have important security fixes...or maybe that's just a typo.
neworderfac33
Posts: 329 Joined: Fri Jul 24, 2015 11:04 am
Post
by neworderfac33 » Mon Jan 16, 2017 4:53 am
Sorry, it WAS a typo - it's 4.2.4 that I'll be installing.
dwhitfield
Former Nagios Staff
Posts: 4583 Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:
Post
by dwhitfield » Mon Jan 16, 2017 10:15 am
Fantastic. I don't know how soon you are planning to upgrade, but 4.2.5 should be out soon. Normally I don't suggest putting off upgrades, but if you have to go through an approval process of each upgrade, it might make sense to wait for 4.2.5. I honestly don't know what is coming in 4.2.5.
I think 5.x is also not far off, but 4.2.5 will almost certainly be first.