Friday, January 13, 2017

CodeIgniter Security Issue CVE-2016-10131

[ UPDATE 2017-01-17 ]

The Bitnami Team is happy to announce that the Bitnami Cloud Hosting images have been properly updated and they use the latest version of CodeIgniter.

----

The CodeIgniter project released a new update that contains an important security fix for a cross-site scripting vulnerability. We strongly recommend that all CodeIgniter developers using Bitnami LAMP installations or CodeIgniter Development container should upgrade to the latest version immediately.

We released new versions of Bitnami LAMP, MAMP, WAMP, LAPP, MAPP and WAPP (PHP5 and PHP7) installers, virtual machines and cloud images that fix this security issue. We also released a new version of our Bitnami CodeIgniter development container. Further details regarding the security issue are explained below:

"System/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments."

More info: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10131

Workaround

 

If you're unable to upgrade right away, you can secure your installation against this vulnerability by manually updating CodeIgniter. In order to do so, please follow the instructions below:

https://codeigniter.com/userguide3/installation/upgrading.html

Do you have questions about Bitnami or the security issue? Please post to our community forum and we will be happy to help you.

No comments:

Post a Comment

Please use our community forum if you have any questions community.bitnami.com