Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Seeking Guidance on MANY OpenSSL vulnerabilities

https://support.nagios.com/forum/viewtopic.php?t=66420

Page 1 of 1

Seeking Guidance on MANY OpenSSL vulnerabilities

Posted: Tue Jan 23, 2024 4:57 pm
by LAPFCU
We haven't addressed these vulnerabilities because there are no updates offered when checking, but it has come time for us to clear what we can. I can't seem to find much guidance on this, was hoping Nagios Support had some idea as there are so many of them:

OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2u Procedure Overflow Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2w Information Disclosure Medium
OpenSSL 1.0.2 < 1.0.2x Null Pointer Dereference Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2y Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2za Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2zd Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2ze Vulnerability Critical
OpenSSL 1.0.2 < 1.0.2zf Vulnerability Critical
OpenSSL 1.0.2 < 1.0.2zg Multiple Vulnerabilities High
OpenSSL 1.0.2 < 1.0.2zh Multiple Vulnerabilities Medium
OpenSSL 1.0.2 < 1.0.2zi Vulnerability Medium
OpenSSL 1.0.2 < 1.0.2zj Vulnerability Medium
OpenSSL 1.0.x < 1.0.2m RSA/DSA Unspecified Carry Issue Medium
OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities Medium
OpenSSL 1.0.x < 1.0.2p Multiple Vulnerabilities Medium
OpenSSL 1.0.x < 1.0.2q Multiple Vulnerabilities Medium
OpenSSL 1.0.x < 1.0.2r Information Disclosure Vulnerability Medium

Once again, just wondering if there was some recommended way of tackling these as simply updating them thru yum doesnt seem to be one of them!

Re: Seeking Guidance on MANY OpenSSL vulnerabilities

Posted: Tue Jan 23, 2024 5:13 pm
by danderson
Thanks for reaching out @LAPFCU,

I'm taking some liberties and assuming you have an older version of CentOS or some other variant of RPM Linux. Take a look a this link here because I believe it applies here.
https://access.redhat.com/security/updates/backporting

Let me know if it doesn't.

Re: Seeking Guidance on MANY OpenSSL vulnerabilities

Posted: Wed Jan 24, 2024 12:20 pm
by LAPFCU
Thanks for your response!

So, to be honest, the best move would be to use a newer compatible version of linux eh? :D Also, feel free to close this issue out, thank you for your assistance!

Heres our release output:

CentOS Linux release 7.9.2009 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.9.2009 (Core)
CentOS Linux release 7.9.2009 (Core)
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited