The OpenSSL team announced the release of version 1.0.2j, which patches a missing CRL sanity check issue affecting only version 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. (CVE-2016-7052)
To update to the new OpenSSL version, please follow the instructions in our documentation system.
The Bitnami Team will continue working on updating the Cloud Images, Virtual Machines and Native Installers using the latest released version.
The Bitnami Team is happy to announce that our images on Google, Azure, Oracle (Ubuntu) and AWS Marketplace images have been properly updated. Additionally, we will continue to work on releasing the images for our all of our cloud platform partners, virtual machines and the native installers.
A new security vulnerability was recently discovered in certain versions of OpenSSL. More information about the vulnerability is available on the OpenSSL website: https://www.openssl.org/news/secadv/20160922.txt
Any Bitnami-packaged applications using affected OpenSSL versions prior to 1.0.1u, 1.0.2i and 1.1.0a are vulnerable.
To secure your server, you need to update the OpenSSL version included in the system and the OpenSSL library included into the Bitnami installation. Please take a moment to update your existing installations of Bitnami-packaged applications by following the instructions in our documentation system.
If you have any questions about this process, please post to our community support forum and we will be happy to help!