Friday, July 10, 2015

Security Notification: OpenSSL Alternative chains certificate forgery CVE-2015-1793



A new security vulnerability was recently discovered in certain versions of OpenSSL. You can find out more about the vulnerability here: https://www.openssl.org/news/secadv_20150709.txt

Any Bitnami-packaged applications using affected versions of OpenSSL that were installed or launched after June 11th, 2015 are vulnerable.

While this vulnerability is not as critical as previous ones like Heartbleed, we believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. To this end, within 32 hours of the report, our team worked to update all of the affected applications available through Bitnami and through the other cloud marketplaces that distribute Bitnami images.

We also created a patch that can be applied to fix this vulnerability in applications that are already deployed. Please take a moment to update existing installations of Bitnami-packaged applications by following the instructions in our wiki:

https://wiki.bitnami.com/security/2015-07-09_Alternative_chains_certificate_forgery_CVE-2015-1793

The affected applications are listed at the end of this post.

If you have any questions about this process, please post to our community support forum and we will be happy to help!


Bitnami-packaged applications affected by the OpenSSL vulnerability:
  • AMP
  • Akeneo
  • Artifactory
  • CiviCRM
  • CMS Made Simple
  • CodeDx
  • Codiad
  • Diaspora
  • Discourse
  • DreamFactory
  • Drupal
  • Open edX
  • Elasticsearch
  • EspoCRM
  • eXo Platform Enterprise
  • Ghost
  • GitLab
  • Gradle
  • Horde
  • InvoiceNinja
  • Jasper Server
  • Jenkins
  • Joomla
  • JRuby
  • Kafka
  • Live Helper Chat
  • Magento
  • MEAN
  • Memcached
  • MODX
  • MongoDB
  • Moodle
  • Noalyss
  • NodeJS
  • Odoo
  • OpenProject
  • OroCRM
  • ownCloud
  • phpBB
  • Plone
  • Pootle
  • PostgreSQL
  • PrestaShop
  • ProcessMaker
  • ProcessWire
  • Redis
  • Redmine + Agile
  • Ruby
  • Sharelock
  • SilverStripe
  • SimpleInvoices
  • Apache Solr
  • Squash
  • SugarCRM
  • Tomcat
  • topLog
  • Trac
  • Tracks
  • TYPO3
  • Weblate
  • WordPress
  • X-Cart
  • YouTrack