New XAMPP with new libpng version

Announcements and news about XAMPP and the Apache Friends project.

New XAMPP with new libpng version

Postby Beltran » 20. November 2015 20:59

Hi,

We just released new versions of XAMPP for Windows, OS X and Linux. This is a security release to fix libpng https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126 for OS X and Linux versions. This issue allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (image header) chunk in a PNG image.

The libpng version has not been upgraded for Windows yet. We use the official PHP compiled binaries for Windows and the current versions use a previous libpng. We will release a new XAMPP version as soon as it is available.

You can check the libpng version with the following commands:

Linux: /opt/lampp/bin/libpng-config --version

OS X: /Applications/XAMPP/xamppfiles/bin/libpng-config --version

The non vulnerable version is 1.5.24.

You can download new versions at http://www.apachefriends.org/download.html.
User avatar
Beltran
Power-User
 
Posts: 170
Joined: 22. March 2013 12:29
XAMPP version: 10
Operating System: Windows, Linux, OS X

Return to Announcements and news

Who is online

Users browsing this forum: No registered users and 3 guests

cron