Blog-Icon_2_100x385

Chef Server Security Updates

By

This morning we released Enterprise Chef Server 11.0.2 and Chef Server 11.0.10. We recommend all users upgrade to these new versions to pick up the following security fixes:

  • Nginx [CVE-2013-4547] – security restriction bypass flaw due to whitespace parsing
  • Solr [CHEF-4792] – Disable insecure JMX settings leading to potential remote code execution
  • Rails [CVE-2013-4389] – Possible DoS Vulnerability in Action Mailer
  • Ruby 1.9.2 [CVE-2013-4164] – Heap Overflow in Floating Point Parsing

A special thanks goes to James Ogden of Technophobia for alerting us to the JMX vulnerability.

Posted in:

Kevin Smith

Categories

INTERNET US

Company
Using Chef
Legal
Connect with us
Contact Us

Chef is part of the Progress product portfolio. Progress is the leading provider of application development and digital experience technologies.

Copyright © 2024 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.

Progress and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

Do Not Sell or Share My Personal Information

Powered by Progress Sitefinity