Vulnerability fix

Posted: Sat Apr 04, 2020 6:19 am
by sandeepatil
We are using Nagios Core version 4.3.4.

The below vulnerabilities need to be fixed:

1) PHP CVE-2020-7062 Denial of Service Vulnerability (20-0629)

Currently Nagios Core has PHP version "PHP 5.4.16".

I want to know whether it is OK for Nagios Core version 4.3.4 if PHP is upgraded to one of the below non-vulnerable PHP versions.

Non-Vulnerable Systems
PHP PHP 7.2.28
PHP PHP 7.3.15
PHP PHP 7.4.3

2) Python CVE-2020-8492 Remote Denial of Service Vulnerability (20-0571)

Need help to fix the Python vulnerability on the server of Nagios Core with version 4.3.4.

Re: Vulnerability fix

Posted: Mon Apr 06, 2020 11:26 am
by benjaminsmith
Hello,

Thanks for using the Nagios Community forum. For specific security issues related to Nagios Core, please post those on the GitHub repository so a developer can review it and respond.

https://github.com/NagiosEnterprises/nagioscore/issues

Nagios Core by itself does not require PHP to be installed, so as far as upgrading PHP, you'll have to check compatibility with the add-ons you have installed.

Regarding the Python vulnerability, you may be able to resolve this by updating (yum update) your server to the latest packages provided by the distribution.

Re: Vulnerability fix

Posted: Wed Apr 08, 2020 2:54 pm
by sandeepatil
Thanks for sharing the information, will check the PHP upgrade on a test server.

Re: Vulnerability fix

Posted: Wed Apr 08, 2020 4:35 pm
by benjaminsmith
@sandeepatil, No problem!

Re: Vulnerability fix

Posted: Mon May 11, 2020 2:15 pm
by sandeepatil
Upgraded to PHP 7.3.15, no issue found in GUI.

We can close this thread.