PHP Unsupported / Apache2.4 Vuln.

Posted: Thu Oct 10, 2024 11:07 am
by Nuggel1234
Hello,

We have Nagios XI (Nagios XI 2024R1.2.1) on CentOS 9 (appliance from Nagios).

Our cybersecurity guys scanned the vm and detected the following vulnerabilities:

Apache 2.4.x < 2.4.62 Multiple Vulnerabilities
OpenSSL 3.2.0 < 3.2.3 Vulnerability
PHP Unsupported Version Detection

We installed the latest Nagios update. How can we fix those issues?

Thank you

Re: PHP Unsupported / Apache2.4 Vuln.

Posted: Thu Oct 10, 2024 2:50 pm
by jmichaelson
Since you're using an appliance, I'd recommend taking a snapshot of it in case something goes wrong, and running yum update in a shell.

Re: PHP Unsupported / Apache2.4 Vuln.

Posted: Fri Oct 11, 2024 9:24 am
by DoubleDoubleA
Hi @Nuggel1234,

The longer answer is that those packages you mention are system packages, and not Nagios software. So when you upgrade your XI, you are upgrading the Nagios software, but we don't upgrade your system packages for you, since many of our customers are very specific about system administration and what packages they are running.

As @jmichaelson has mentioned, you can get to the command line and run yum upgrade, and it will update your system packages.

Aaron

Re: PHP Unsupported / Apache2.4 Vuln.

Posted: Mon Oct 14, 2024 4:40 pm
by danderson
Red Hat backports security fixes to older versions of software so that they can maintain backwards compatibility easily. As mentioned above, you can upgrade your packages with yum/dnf, but you may still get warnings from security scanners because of this backporting practice.

Read below for more info
https://access.redhat.com/security/updates/backporting
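
One way to triage such scanner findings after updating, added here as an example and not part of the original thread: look up each CVE ID from the scanner report in the package's RPM changelog to see whether a fix was backported into the installed build. It assumes the packager records CVE IDs in changelog entries; the function names, the sample changelog and the CVE IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: match scanner CVE findings against an RPM changelog.

# Constructed sample in `rpm -q --changelog` format; the CVE IDs are placeholders.
sample_changelog() {
cat <<'EOF'
* Tue Aug 06 2024 Example Packager <pkg@example.invalid> - 2.4.57-11
- Resolves: EXAMPLE-1 - fix request handling (CVE-0000-11111)
* Mon Jul 01 2024 Example Packager <pkg@example.invalid> - 2.4.57-8
- Resolves: EXAMPLE-2 - fix proxy encoding issue (CVE-0000-22222)
EOF
}

# triage_cves CVE-ID... : reads a changelog on stdin and prints, per CVE,
#   "<CVE> BACKPORTED <version-release>"  (newest entry that mentions it) or
#   "<CVE> NOT-FOUND"
# Returns 1 if any CVE was not found, so it can gate a follow-up review.
triage_cves() {
    log=$(cat)
    missing=0
    for cve in "$@"; do
        ver=$(printf '%s\n' "$log" | awk -v c="$cve" '
            BEGIN { c = toupper(c); v = "unknown" }
            /^\* / { v = $NF }          # header line: remember version-release
            {
                line = toupper($0)
                p = index(line, c)
                # Reject prefix hits: the ID must not continue with a digit.
                if (p && substr(line, p + length(c), 1) !~ /[0-9]/) {
                    print v
                    exit
                }
            }')
        if [ -n "$ver" ]; then
            echo "$cve BACKPORTED $ver"
        else
            echo "$cve NOT-FOUND"
            missing=1
        fi
    done
    return "$missing"
}

# On the appliance itself (requires rpm; httpd is the Apache package name):
#   rpm -q --changelog httpd | triage_cves CVE-0000-11111 CVE-0000-33333
```

A NOT-FOUND result only means the changelog does not mention the ID; it still needs checking against the vendor's advisory for that CVE.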