Hi Apache Friends!
We just released new versions of XAMPP for Windows, OS X and Linux. This is a security release to fix libpng CVE-2015-8126 for OS X and Linux versions. This issue allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (image header) chunk in a PNG image.
The libpng version has not been upgraded for Windows yet. We use the official PHP compiled binaries for Windows and the current versions use a previous libpng. We will release a new XAMPP version as soon as it is available.
You can check the libpng version with the following commands:
Linux: /opt/lampp/bin/libpng-config –version
OS X: /Applications/XAMPP/xamppfiles/bin/libpng-config –version
The non vulnerable version is 1.5.24. You can download new versions at http://www.apachefriends.org/download.html.
v5.5.30-4 / v5.6.14-4
- Updated libPNG to 1.2.24 for OS X and Linux
We need your help to continue improving our new Dashboard! Please post any suggestions in our forum thread.