Our security department's scan around vulnerabilities, after we installed the product (Server), came up with a bunch of hits. Mostly Apache visa PHP.
Install came with PHP at 5.4.16. The recommendation is to add patching to at least 5.6.31 or even higher.
Will adding these patches affect the functionality of XI or Core?
There were also recommendations to disable ciphers 3DES and RC4 on the server.
Will that affect functionality?
And they also recommend disabling HTTP TRACE on Apache. Will functionality be affected?
Thanks
John
Effect of vulnerability patching on installation
-
jkelly1959
- Posts: 49
- Joined: Tue Jun 06, 2017 10:59 am
-
dwhitfield
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
Re: Effect of vulnerability patching on installation
You will need to upgrade to XI 5.4.9 and then upgrade your PHP. Otherwise, you will run into issues. If you are already on 5.4.9, then you should be able to upgrade to PHP 5.6.
For clarity, this is only for *English*. There is a language bug that should be fixed in XI 5.4.10...which should be out before the end of the month.
-
jkelly1959
- Posts: 49
- Joined: Tue Jun 06, 2017 10:59 am
Re: Effect of vulnerability patching on installation
I have attached the response from our Linux admin after loading the RPM for PHP.
Is there a setting where we can keep it from pulling in the old version? I'm just not sure if he is rerunning the nagiosxi yum install or some other mechanism is doing this. The NagiosXI install still references the old and then pulls that down as well.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
Re: Effect of vulnerability patching on installation
We would need to know which package you are referring to.
The upgrade of php would need to happen after Nagios XI is installed if you are going to use a version different than the default for the OS.