Hi,
I need to understand what CVEs for openssl and python are being fiixed with NCPA 3.1.4. There is no details of this in the release notes.
Reason being we have some servers that don't support 3.1.4 due to them using a older version than gilbc version 2.28 and NCPA 3.1.4 would not run.
We need to understand the risk.
Thanks
NCPA 3.1.4 - What CVEs are being fixed?
-
Aureliojin01
- Posts: 1
- Joined: Tue Aug 05, 2025 2:01 am
Re: NCPA 3.1.4 - What CVEs are being fixed?
Hi Kent,
Good question! I also didn’t find a full list of CVEs addressed in NCPA 3.1.4. Has anyone from the Nagios team confirmed whether this update includes critical OpenSSL fixes from early 2024? Our security team is asking for a changelog or CVE mapping too.
Also curious if anyone has workarounds for systems stuck on glibc < 2.28?
Thanks in advance!
Aurelio Jin
Good question! I also didn’t find a full list of CVEs addressed in NCPA 3.1.4. Has anyone from the Nagios team confirmed whether this update includes critical OpenSSL fixes from early 2024? Our security team is asking for a changelog or CVE mapping too.
Also curious if anyone has workarounds for systems stuck on glibc < 2.28?
Thanks in advance!
Aurelio Jin
Last edited by Aureliojin01 on Tue Aug 05, 2025 2:04 am, edited 1 time in total.
-
nset
Re: NCPA 3.1.4 - What CVEs are being fixed?
Hi Kent,
Thank you for reaching out. Most of the CVEs were related to outdated Python and OpenSSL versions that have been resolved with the upgrade to 3.1.4.For more information about the CVEs please check out the changelog for python and OpenSSL dependencies.
Please let us know if you have any other questions or concerns
-Nyi
Thank you for reaching out. Most of the CVEs were related to outdated Python and OpenSSL versions that have been resolved with the upgrade to 3.1.4.For more information about the CVEs please check out the changelog for python and OpenSSL dependencies.
Please let us know if you have any other questions or concerns
-Nyi
Last edited by nset on Fri Aug 15, 2025 10:06 am, edited 1 time in total.
Re: NCPA 3.1.4 - What CVEs are being fixed?
Hello @Aureliojin01,
Unfortunately, there isn't currently support for systems that aren't supported by updated Python/OpenSSL versions as those versions would have security vulnerabilities. If you're trying to use newer versions of NCPA on older software, you can always try building it yourself and modifying the version of Python/OpenSSL to versions that are supported on your OS.
Unfortunately, there isn't currently support for systems that aren't supported by updated Python/OpenSSL versions as those versions would have security vulnerabilities. If you're trying to use newer versions of NCPA on older software, you can always try building it yourself and modifying the version of Python/OpenSSL to versions that are supported on your OS.
Actively advancing awesome answers with ardent alliteration, aptly addressing all ambiguities. Amplify your acumen and avail our amicable assistance. Eagerly awaiting your astute assessments of our advice.