Monday, November 16, 2015

Security Notification: libpng multiple buffer overflows CVE-2015-8126

A new security vulnerability was recently discovered in certain versions of libpng. You can find out more about the vulnerability here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126

Any Bitnami-packaged applications using affected versions of libpng that were installed or launched after April 9th, 2012 are vulnerable.

We believe it is the utmost importance to quickly address any security issues in applications distributed by Bitnami and our team are working to update all of the affected applications available through Bitnami and other cloud marketplaces.

We also created a patch that can be applied to fix this vulnerability in applications that are already deployed. Please take a moment to update existing installations of Bitnami-packaged applications by following the instructions in our wiki:

https://wiki.bitnami.com/security/2015-11-16_libpng_security_issue_(CVE-2015-8126)

If you have any questions about this process, please post to our community support forum and we will be happy to help!