Open BlYuzucorp opened 1 week ago
This wouldn't be isolated to Windows, since NCPA does a private bind of the a few libraries and doesn't use the ones in the general linux distribution the agent is installed on.
It should be a priority if there are unresolved CVEs in the current NCPA version.
This wouldn't be isolated to Windows, since NCPA does a private bind of the a few libraries and doesn't use the ones in the general linux distribution the agent is installed on.
It should be a priority if there are unresolved CVEs in the current NCPA version.
Not sure we are talking about he same thing. i speak about windows edition not linux edition of the package. SO the 3.0.14 library you bind had an issue with security.
Yes, we are. I'm saying the security issue you mention wouldn't be isolated to the Windows NCPA version.
" ..It should be a priority if there are unresolved CVEs in the current NCPA version. .."
i's a quite hard to understand. CVE described an issue with the current version and recommand to upgrade to new one. So why is not a priority ?
FYI, there's also plenty of CVEs to the OpenSSL packaged with it (as far as I understand it comes with python) and the packaged version of OpenSSL is EOS according to MS Defender
Hi,
You use risk openssl lib : c:\program files\nagios\ncpa\lib\libcrypto-3.dll and c:\program files\nagios\ncpa\lib\libssl-3.dll. You use 3.0.13 and need to be upgraded to 3.0.14.
Thks