Blog

New XAMPP with new libpng version

Hi Apache Friends!

We just released new versions of XAMPP for Windows, OS X and Linux. This is a security release to fix libpng CVE-2015-8126 for OS X and Linux versions. This issue allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (image header) chunk in a PNG image.

The libpng version has not been upgraded for Windows yet. We use the official PHP compiled binaries for Windows and the current versions use a previous libpng. We will release a new XAMPP version as soon as it is available.

You can check the libpng version with the following commands:

Linux: /opt/lampp/bin/libpng-config –version

OS X: /Applications/XAMPP/xamppfiles/bin/libpng-config –version

The non vulnerable version is 1.5.24. You can download new versions at http://www.apachefriends.org/download.html.

v5.5.30-4 / v5.6.14-4

  • Updated libPNG to 1.2.24 for OS X and Linux

We need your help to continue improving our new Dashboard! Please post any suggestions in our forum thread.

Enjoy!