Vulnerability fix

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
sandeepatil
Posts: 211
Joined: Tue Dec 27, 2016 3:12 am

Vulnerability fix

Post by sandeepatil »

We are using nagios core version 4.3.4.

Below Vulnerability need to fix :

1) PHP CVE-2020-7062 Denial of Service Vulnerability (20-0629)

Currently nagios core having php version "PHP 5.4.16".

Want to know, its ok for nagios core version 4.3.4 if php upgraded to below Non-Vulnerable php version.

Non-Vulnerable Systems
PHP PHP 7.2.28
PHP PHP 7.3.15
PHP PHP 7.4.3

2) Python CVE-2020-8492 Remote Denial of Service Vulnerability (20-0571)

Need help to fix python Vulnerability on the serve of nagios core with 4.3.4 version.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Vulnerability fix

Post by benjaminsmith »

Hello,

Thanks for using the Nagios Community forum. For specific security issues related to Nagios Core, please post those on the GitHub repository so a developer can review it and respond.

https://github.com/NagiosEnterprises/nagioscore/issues

Nagios Core by itself does not require PHP to be installed, so as far as upgrading PHP, you'll have to check compatibility with the add-ons you have installed.

Regarding the python vulnerability, you may be able to resolve this by updating (yum update) your server to the latest packages provided by the distribution.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
sandeepatil
Posts: 211
Joined: Tue Dec 27, 2016 3:12 am

Re: Vulnerability fix

Post by sandeepatil »

Thanks for sharing information, will check php upgrade on test sever.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Vulnerability fix

Post by benjaminsmith »

@ sandeepatil, No problem!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
sandeepatil
Posts: 211
Joined: Tue Dec 27, 2016 3:12 am

Re: Vulnerability fix

Post by sandeepatil »

Upgraded PHP 7.3.15, no issue found in GUI.

We can close this thread.
Locked