CVE-2024-12254 - python 3.12 in current NCPA distribution

Velocity Electronics
Posts: 5
Joined: Wed Jan 05, 2022 3:48 pm

CVE-2024-12254 - python 3.12 in current NCPA distribution

Post by Velocity Electronics »

The latest version of NCPA (3.1.1) includes Python 3.12.6 which falls into the CVE-2024-12254 vulnerability list. There needs to be a new version released that has Python of at least version 3.14.0a2.
danderson

Re: CVE-2024-12254 - python 3.12 in current NCPA distribution

Post by danderson »

Thanks for reaching out,

I believe the references to the writelines function in NCPA are actually this and not this, which is the method that CVE is about. So I don't believe this applies. I wouldn't want to upgrade to a Development version anyway.
Velocity Electronics
Posts: 5
Joined: Wed Jan 05, 2022 3:48 pm

Re: CVE-2024-12254 - python 3.12 in current NCPA distribution

Post by Velocity Electronics »

Agreed, can't use a pre-release, but when a patched version is generally available, it should be incorporated in a new NCPA release.
bbahn
Posts: 385
Joined: Thu Jan 12, 2023 5:42 pm

Re: CVE-2024-12254 - python 3.12 in current NCPA distribution

Post by bbahn »

Hello @Velocity Electronics,

We will be updating the NCPA build process to utilize the latest available version of Python that we can build with as soon as possible.
Actively advancing awesome answers with ardent alliteration, aptly addressing all ambiguities. Amplify your acumen and avail our amicable assistance. Eagerly awaiting your astute assessments of our advice.