PHP Version issues again

Posted: Thu Jan 16, 2014 12:04 pm
by vAJ
Kicking the can 6mo down the road from this thread: http://support.nagios.com/forum/viewtop ... 16&t=10904

PCI vulnerability audit is now wanting PHP 5.5.7 or better, any chance this is supported yet?

On a test system, I'm getting errors with 2012r2.7:

[Thu Jan 16 10:56:24 2014] [error] [client 10.71.4.3] PHP Fatal error:  SourceGuardian Loader - This protected script does not support version 5.5.8 of PHP. Please contact the script author about this problem. Error code [07] in /usr/local/nagiosxi/html/includes/dbl.inc.php on line 2

Is 5.5 going to be supported in 2014?

Re: PHP Version issues again

Posted: Thu Jan 16, 2014 12:16 pm
by sreinhardt
At this point it was not planned. If it really needs to happen, as I'm sure you would like, we can probably work something out. If possible, I would really like to know either what CVEs it's finding that 5.4 has not had backports for, or what tool is causing this report. Feel free to PM me, as I'm sure you don't want the latter being public knowledge. But it seems like your auditors are just taking the vulnerability scanner at its word and never verifying if it's actually vulnerable, which leads you to do a lot of extra work. When you went from 5.3 to 5.4, there were almost no patches, if any, that were not backported to 5.3; it's just that it is only considering the main PHP version and not what the RPM may contain, as I feel it should. I'm not trying to say it's a bad practice to update, that's certainly a good thing, but I think your auditors are a bit overboard and blindly accepting scans.

Re: PHP Version issues again

Posted: Thu Jan 16, 2014 12:23 pm
by vAJ
Oh, yeah. We're there. PCI audits are worse than the IRS.

CVE-2011-4718
CVE-2013-6420

I'll PM you the tool we use.
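
An added example, not part of the original thread: one way to make the check sreinhardt describes (what the RPM contains versus the upstream PHP version number) repeatable for the two CVEs listed above. The package name `php`, the function names and the sample changelog are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check a distro package changelog for backported CVE fixes
# instead of trusting the upstream version number alone.

# Constructed sample in "rpm -q --changelog" format; not real package data.
SAMPLE_CHANGELOG='* Tue Dec 10 2013 Example Packager <pkg@example.com> - 0.0.0-1.example
- add security fix for CVE-2013-6420

* Mon Jul 15 2013 Example Packager <pkg@example.com> - 0.0.0-0.example
- rebuild'

# missing_cves CVE-ID...
# Reads changelog text on stdin; prints each CVE id the changelog never mentions.
missing_cves() {
    changelog=$(cat)
    for cve in "$@"; do
        # -F literal, -i case-insensitive, -w whole token so a shorter id
        # cannot match inside a longer one.
        if ! printf '%s\n' "$changelog" | grep -qiwF -- "$cve"; then
            printf '%s\n' "$cve"
        fi
    done
}

# audit_report CVE-ID...
# Reads changelog text on stdin; prints one verdict line per CVE.
audit_report() {
    changelog=$(cat)
    for cve in "$@"; do
        if [ -z "$(printf '%s\n' "$changelog" | missing_cves "$cve")" ]; then
            echo "$cve: fix listed in package changelog; confirm patch, then document as backported"
        else
            echo "$cve: not listed; treat scanner finding as open"
        fi
    done
}

# Live use on an RPM-based host (package name "php" is an assumption):
#   rpm -q --changelog php | audit_report CVE-2011-4718 CVE-2013-6420

# Demo on the constructed sample above.
printf '%s\n' "$SAMPLE_CHANGELOG" | audit_report CVE-2011-4718 CVE-2013-6420
```

A changelog mention is evidence for the auditor, not proof: the matching package build still has to be the one installed on the audited host.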

Re: PHP Version issues again

Posted: Thu Jan 16, 2014 1:12 pm
by slansing
Sreinhardt responded to you via PM.