NagiosEnterprises / ncpa

Nagios Cross-Platform Agent

OpenSSL issue CVE-2024-4741, CVE-2024-4603 and CVE-2024-2511 with NCPA for Windows 3.1.0 #1176

Open BlYuzucorp opened 1 week ago

BlYuzucorp commented 1 week ago

Hi,

You use a risky OpenSSL lib: c:\program files\nagios\ncpa\lib\libcrypto-3.dll and c:\program files\nagios\ncpa\lib\libssl-3.dll. You use 3.0.13 and it needs to be upgraded to 3.0.14.

Thanks

MrPippin66 commented 1 week ago

This wouldn't be isolated to Windows, since NCPA does a private bind of a few libraries and doesn't use the ones in the general Linux distribution the agent is installed on.

It should be a priority if there are unresolved CVEs in the current NCPA version.

BlYuzucorp commented 2 days ago

> This wouldn't be isolated to Windows, since NCPA does a private bind of a few libraries and doesn't use the ones in the general Linux distribution the agent is installed on.
>
> It should be a priority if there are unresolved CVEs in the current NCPA version.

Not sure we are talking about the same thing. I speak about the Windows edition, not the Linux edition, of the package. So the 3.0.14 library you bind had an issue with security.

MrPippin66 commented 2 days ago

Yes, we are. I'm saying the security issue you mention wouldn't be isolated to the Windows NCPA version.

BlYuzucorp commented 1 day ago

" ..It should be a priority if there are unresolved CVEs in the current NCPA version. .."

It's quite hard to understand. The CVE describes an issue with the current version and recommends upgrading to a new one. So why is it not a priority?

fdeyso commented 1 day ago

FYI, there are also plenty of CVEs for the OpenSSL packaged with it (as far as I understand, it comes with Python), and the packaged version of OpenSSL is EOS according to MS Defender.
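
An added example, not part of this thread or of NCPA's code: a Python check that reads the OpenSSL version banner embedded in the bundled libcrypto/libssl files under an install directory and flags 3.0.x builds older than the 3.0.14 named in the issue, on Windows or Linux. The Linux file-name patterns and the status labels are assumptions; the default directory is the Windows path from the first comment.

```python
"""Report the OpenSSL version bundled inside an agent's private lib directory."""
import re
import sys
from pathlib import Path

# libcrypto embeds a banner such as b"OpenSSL 3.0.13 30 Jan 2024".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)[a-z]* +\d{1,2} [A-Z][a-z]{2} \d{4}")
# Fixed release for the 3.0 branch, as stated in the issue.
FIXED_3_0 = (3, 0, 14)
# Windows DLL names from the issue; the Linux .so patterns are assumed.
PATTERNS = ("libcrypto-3*.dll", "libssl-3*.dll", "libcrypto.so*", "libssl.so*")


def embedded_version(data):
    """Return (major, minor, patch) from the first banner in data, or None."""
    m = BANNER.search(data)
    return tuple(int(g) for g in m.groups()) if m else None


def status(version, fixed=FIXED_3_0):
    """Classify a version tuple against the fixed release of the same branch."""
    if version is None:
        return "UNKNOWN"        # no banner found (libssl may not carry one)
    if version[:2] != fixed[:2]:
        return "OTHER-BRANCH"   # the issue names no fixed release for this branch
    return "UPGRADE" if version < fixed else "OK"


def scan(root):
    """Yield (path, version, status) for each bundled OpenSSL library under root."""
    for pattern in PATTERNS:
        for path in sorted(Path(root).rglob(pattern)):
            if path.is_file():
                version = embedded_version(path.read_bytes())
                yield path, version, status(version)


if __name__ == "__main__":
    # Pass the agent's install directory; the default is the path from the issue.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files\Nagios\NCPA"
    for path, version, state in scan(root):
        label = ".".join(map(str, version)) if version else "-"
        print(f"{state:12} {label:8} {path}")
```

Because the agent ships its own copies, the result reflects the agent's libraries and not the OpenSSL package of the host operating system.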