GLPI Agent: Release 1.7.3

by | Apr 3, 2024 | News

GLPI Agent 1.7.3 has been released.

You can download it on the GLPI Agent github project: https://github.com/glpi-project/glpi-agent/releases/tag/1.7.3

This version essentially fixes a regression introduced in the MSI packaging for Windows in the 1.7.2 version:

  • the LOCAL parameter was forced to the agent installation folder when not used. After that, local inventory was also generated even if this wasn’t required. This LOCAL configuration will be removed during this update.
  • CVE-2024-28241 patch was modified to not be enabled if the installation folder and (if used) the LOCAL parameter remain under the default system folder as there’s not security issue in that case.

These updates only impact Windows installation performed with MSI packaging.

We invite you to upgrade your agents on Windows as soon as possible.

You don’t need to upgrade to 1.7.3 GLPI Agents that were not installed on Windows and which are at least in 1.7 version.

Stay connected! Follow us on our social media platforms!

GLPI Agent 1.7.2 available!

by | Mar 25, 2024 | News

GLPI Agent 1.7.2 has been released!

GLPI Agent Release 1.7.2

You can download it on the GLPI Agent github project: https://github.com/glpi-project/glpi-agent/releases/tag/1.7.2

This version specifically fixes 2 critical security issues related to MSI packaging on windows:

  • CVE-2024-28240: A local user could modify the GLPI Agent configuration to gain higher privileges.
  • CVE-2024-28241: A local user could modify the GLPI-Agent installation to gain higher privileges, but only when GLPI Agent is not installed in the default installation folder.

These security issues impact all Windows installation performed with MSI packaging.

We encourage you to upgrade all these agents as soon as possible!

Anyway you don’t need to upgrade to 1.7.2 after updating to 1.7.1 if your GLPI Agent was not installed on windows with the MSI package.