Closed mdicss closed 5 months ago
Thank you for your report. Can you provide these details as well?
Which variant of the Monitoring Plugins do you use?
Plugin Version
plugin-name --version
(output e.g. about-me: v2023010603 by Linuxfabrik GmbH, Zurich/Switzerland
)Hi Markus We use the compiled version for linux. I've just seen, that we actually have version v2023112901 but on some observed machines, we still have v2022071801. So I think, you already have updated the libssl in the new plugin release?
It looks like the same library version. I used the following command and the output is the same with both versions, also the filesize is the same.
$ strings libssl.so.10 | grep "1.0" OPENSSL_1.0.1 OPENSSL_1.0.1_EC OPENSSL_1.0.2 SSLv3 part of OpenSSL 1.0.2k-fips 26 Jan 2017 TLSv1 part of OpenSSL 1.0.2k-fips 26 Jan 2017 DTLSv1 part of OpenSSL 1.0.2k-fips 26 Jan 2017 OpenSSL 1.0.2k-fips 26 Jan 2017 libssl.so.1.0.2k.debug
We'll have a look, thank you.
Any news here?
To ensure maximum compatibility between different Linux versions (keyword: glibc), as of today (2024-05-29) all plugins for the .zip/tar.gz file are compiled on CentOS 7. CentOS 7 currently ships with openssl 1.0.2k
. For Debian and RHEL compatible operating systems, we provide .deb/.rpm packages on https://repo.linuxfabrik.ch/, which are all built on their respective platforms.
On 2024-06-30 CentOS 7 will reach its EOL. We still need to check which platform we want to compile our plugins on after that to get maximum compatibility for the resulting binaries.
So we will not fix this for now. However, the problem will be solved with a new release after 2024-06-30.
Describe the solution you'd like
Hi A security-scan of our icinga installation reported a problem with libssl.so.10, which is included in the _internal folder of the compiled plugins. See: https://cve.org/CVERecord?id=CVE-2022-1292 http://www.nessus.org/u?d5a8df0f It would be good, to have a new release of the plugins with the libssl updated to the newest version. Regards, Matthias
Additional context
No response