We are using nagios core version 4.3.4.
Below Vulnerability need to fix :
1) PHP CVE-2020-7062 Denial of Service Vulnerability (20-0629)
Currently nagios core having php version "PHP 5.4.16".
Want to know, its ok for nagios core version 4.3.4 if php upgraded to below Non-Vulnerable php version.
Non-Vulnerable Systems
PHP PHP 7.2.28
PHP PHP 7.3.15
PHP PHP 7.4.3
2) Python CVE-2020-8492 Remote Denial of Service Vulnerability (20-0571)
Need help to fix python Vulnerability on the serve of nagios core with 4.3.4 version.
Vulnerability fix
-
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Vulnerability fix
Hello,
Thanks for using the Nagios Community forum. For specific security issues related to Nagios Core, please post those on the GitHub repository so a developer can review it and respond.
https://github.com/NagiosEnterprises/nagioscore/issues
Nagios Core by itself does not require PHP to be installed, so as far as upgrading PHP, you'll have to check compatibility with the add-ons you have installed.
Regarding the python vulnerability, you may be able to resolve this by updating (yum update) your server to the latest packages provided by the distribution.
Thanks for using the Nagios Community forum. For specific security issues related to Nagios Core, please post those on the GitHub repository so a developer can review it and respond.
https://github.com/NagiosEnterprises/nagioscore/issues
Nagios Core by itself does not require PHP to be installed, so as far as upgrading PHP, you'll have to check compatibility with the add-ons you have installed.
Regarding the python vulnerability, you may be able to resolve this by updating (yum update) your server to the latest packages provided by the distribution.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 211
- Joined: Tue Dec 27, 2016 3:12 am
Re: Vulnerability fix
Thanks for sharing information, will check php upgrade on test sever.
-
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Vulnerability fix
@ sandeepatil, No problem!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 211
- Joined: Tue Dec 27, 2016 3:12 am
Re: Vulnerability fix
Upgraded PHP 7.3.15, no issue found in GUI.
We can close this thread.
We can close this thread.