PHP vulnerabilities found during scan of NagiosXi

phansen
Posts: 1
Joined: Fri Nov 16, 2012 11:34 am

PHP vulnerabilities found during scan of NagiosXi

Post by phansen »

CENTOS 5.8 64 bit
Manual Install of XI (Nagios XI 2012R1.2) evaluation
No special configuration. Base OS install is stripped down as much as possible. The original base install does not have php on it.

Nagios installs and seems to work fine. When we run a vulnerability scan on the installation, the scan indicates that there are 24 php vulnerabilities in the versions of php (5.1.6-x) installed by Nagiosxi. We updated php to 5.1.6-39 (newest 5.1 version available on Centos 5.8). A rescan indicated the same vulnerabilities still exist.

Nagiosxi on Centos 6.3 uses php 5.3.3-x with far fewer vulnerabilities identified.

My question (finally) is can we upgrade php on Centos 5.8 to 5.3 (5.3.3-13.el5_8.x86_64.rpm) without breaking Nagiosxi functionality?
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: PHP vulnerabilities found during scan of NagiosXi

Post by slansing »

Those vulnerabilities are within PHP, not Nagios XI. You can upgrade PHP to 53, but to do this you must grep for PHP and remove ALL the packages (don't forget to keep the list), then reinstall them. You might also want to run the ./upgrade script from your Nagios XI installation package directory to add the SourceGuardian extensions back in.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: PHP vulnerabilities found during scan of NagiosXi

Post by scottwilkerson »

You can do this, but you will need to get a list of all of the packages your system has before you start

yum list installed | grep php

Then add the equivalent php53 packages after the upgrade.

One thing to note: the following do not have php53 equivalents, but you can re-install them

yum install -y php-pear php-pear-HTML-Template-IT php-pecl-json
Former Nagios employee
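The package bookkeeping described in the replies above, as an added example that is not part of the original thread or of Nagios XI: it reads `yum list installed` output, records the PHP packages, and prints the remove and install commands, keeping the three packages the thread names under their original names. The `php-X` to `php53-X` name mapping is an assumed naming convention to confirm with `yum info` first, the function names are hypothetical, and the sample listing is constructed.

```shell
# Packages the thread says have no php53 equivalent; reinstalled under the same name.
NO_PHP53="php-pear php-pear-HTML-Template-IT php-pecl-json"

# Constructed sample of `yum list installed` output (versions are illustrative).
# Long names wrap onto a second line, as yum does on narrow terminals.
SAMPLE='Loaded plugins: fastestmirror
Installed Packages
php.x86_64                      5.1.6-39.el5_8   installed
php-cli.x86_64                  5.1.6-39.el5_8   installed
php-common.x86_64               5.1.6-39.el5_8   installed
php-mysql.x86_64                5.1.6-39.el5_8   installed
php-pear.noarch                 1:1.4.9-8.el5    installed
php-pear-HTML-Template-IT.noarch
                                1.1-3.el5        installed
php-pecl-json.x86_64            1.2.1-4.el5      installed
httpd.x86_64                    2.2.3-65.el5     installed'

# stdin: `yum list installed` output. stdout: bare php package names, one per line.
# Headers, wrapped continuation lines and non-php packages are filtered out.
installed_php_packages() {
    awk '{print $1}' | sed 's/\.[^.]*$//' | grep -E '^php(-|$)' | LC_ALL=C sort -u
}

# Map one installed name to the name to install after the upgrade (assumed convention).
php53_name() {
    case " $NO_PHP53 " in
        *" $1 "*) echo "$1" ;;
        *) echo "$1" | sed 's/^php/php53/' ;;
    esac
}

# stdin: `yum list installed` output. stdout: the two commands to review and run.
upgrade_plan() {
    local pkgs remove install p
    remove=""; install=""
    pkgs=$(installed_php_packages)
    for p in $pkgs; do
        remove="$remove $p"
        install="$install $(php53_name "$p")"
    done
    echo "yum remove -y$remove"
    echo "yum install -y$install"
}

# Dry run on the constructed sample; on a real host use: yum list installed | upgrade_plan
printf '%s\n' "$SAMPLE" | upgrade_plan
```

The script only prints the commands; review what `yum remove` proposes to take with it before confirming, then run the Nagios XI `./upgrade` script as described above.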