Hi Team,
We are informed about security vulnerabilities related to mysql and httpd on the Nagios XI system. So I just wanted to find out if we can upgrade mysql & httpd manually, or does this affect the preinstalled mysql/httpd that comes bundled and break Nagios XI?
Also, what version of mysql & httpd gets deployed as part of the latest XI available in case I upgrade the platform? Is this published anywhere in a version log or something?
--Vamsi
Nagios XI - Security Issues
Re: Nagios XI - Security Issues
The versions of the packages are determined by the versions distributed with the version of the OS.
-
veeravamsi
- Posts: 146
- Joined: Wed Jan 23, 2019 3:35 am
Re: Nagios XI - Security Issues
For Oracle Linux 8 and if I get xi-2026R1.3?
Re: Nagios XI - Security Issues
I don't know what you're asking.
The nagios website has a list of supported linux distros and versions.
-
veeravamsi
- Posts: 146
- Joined: Wed Jan 23, 2019 3:35 am
Re: Nagios XI - Security Issues
I'm not new to Nagios and I have gone through the website and also the changelog https://www.nagios.com/changelog/nagios-xi/ and I couldn't find what I'm looking for.
Basically what I'm asking is:
1. What versions of mysql and httpd/openssl get deployed as part of the latest Nagios XI?
2. If we upgrade mysql/openssl directly, will it impact or break anything due to compatibility?
I need this info to identify how to handle security vulnerabilities detected with some of these versions.
Re: Nagios XI - Security Issues
You have it backwards. Nagios doesn't determine the version of software packages, the OS distro and version does.
I'm not sure why this is confusing.
If you have issues with security problems talk to Oracle.
-
veeravamsi
- Posts: 146
- Joined: Wed Jan 23, 2019 3:35 am
Re: Nagios XI - Security Issues
Are you from the Nagios Support Team or an individual forum contributor?
You mean to say: mysqld and httpd/openssl are not packaged in the Nagios XI installer and they are dependent on the OS distro?
It is easy to blame each other. If I contact Oracle they point to Nagios, and Nagios is asking me to go to Oracle.
-
socktucker
- Posts: 1
- Joined: Wed Mar 18, 2026 2:25 am
Re: Nagios XI - Security Issues
In Nagios XI, MySQL, httpd, and OpenSSL are not bundled or version-controlled by Nagios itself—they come from the underlying OS (e.g., Oracle Linux). So the versions depend entirely on your OS repositories, not the XI release.
You can update them via the OS, but major version upgrades (not patches) may break compatibility. Safe approach: apply OS security updates only, avoid manual major upgrades unless tested.
-
veeravamsi
- Posts: 146
- Joined: Wed Jan 23, 2019 3:35 am
Re: Nagios XI - Security Issues
Perfect. Thanks a lot for the clear message and exactly the info I'm looking for.
I will check with my Patching Team and check on next steps.
-
DoubleDoubleA
- Posts: 290
- Joined: Thu Feb 09, 2017 5:07 pm
Re: Nagios XI - Security Issues
Also, in many cases, Red Hat backports security patches to packages to support older OS packages, though I'm not sure what Oracle does there. This issue frequently comes up. Part of the problem is that the security tool only reports a vulnerability based on the package version, and not whether the actual package on the system has received a backported patch or not.
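An added example, not part of any post in this thread and not Nagios or Oracle tooling: one way to check a version-based scanner finding against the installed package's RPM changelog, where Red Hat-style packages record backported fixes by CVE id. The function names, the `DEMO` switch and the `CVE-0000-*` ids are constructed placeholders, and it is an assumption that the packages on your distro list CVE ids in their changelogs.

```shell
#!/usr/bin/env bash
# Triage scanner findings against RPM changelogs to spot backported fixes.
# Assumption: the vendor names fixed CVE ids in the package changelog; a
# missing mention is not proof the host is vulnerable, only "check further".

# Changelog text for a package from the local rpm database.
# Fails (non-zero) when the package is not installed.
get_changelog() {
    rpm -q --changelog "$1" 2>/dev/null </dev/null
}

# classify_finding PACKAGE CVE-ID  ->  backported | not-mentioned | not-installed
classify_finding() {
    local pkg=$1 cve=$2 log
    if ! log=$(get_changelog "$pkg") || [ -z "$log" ]; then
        echo "not-installed"
        return
    fi
    # -F literal, -i case-insensitive, -w so ...-0001 does not match ...-00012
    if printf '%s\n' "$log" | grep -qiwF -- "$cve"; then
        echo "backported"
    else
        echo "not-mentioned"
    fi
}

# triage_report: read "PACKAGE CVE-ID" pairs on stdin (one per line, e.g.
# exported from the scanner report) and print "PACKAGE CVE-ID STATUS".
triage_report() {
    local pkg cve
    while read -r pkg cve; do
        case $pkg in ''|'#'*) continue ;; esac   # skip blank and comment lines
        printf '%s %s %s\n' "$pkg" "$cve" "$(classify_finding "$pkg" "$cve")"
    done
}

# DEMO=1 swaps in a constructed changelog (not real rpm output; the CVE ids
# and version are placeholders) so the script can be tried off-host.
if [ "${DEMO:-}" = 1 ]; then
    get_changelog() {
        [ "$1" = httpd ] || return 1
        printf '%s\n' '* Mon Jan 01 2001 Packager <p@example.com> - 0.0-1' \
                      '- Resolves: CVE-0000-0001'
    }
    printf 'httpd CVE-0000-0001\nhttpd CVE-0000-0002\nmysql-server CVE-0000-0003\n' |
        triage_report
fi
```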