Tag:
Security
Security Releases: Chef Server 12, Enterprise Chef 11, Chef Manage
By Steven Danna
Ohai Chefs! Today we have releases of Chef Server 12.1.0, Enterprise Chef Server 11.3.2, and Chef Manage 1.17.0 which contain the following security updates: Redis 2.8.21 This update addresses CVE-2015-4335, a remote code execution vulnerability in Redis.
Read moreSecurity Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6
By Mark Mzyk
Available for immediate download are Chef Server 12.0.1 and Enterprise Chef Server 11.2.6. This release addresses CVE-2014-8144, a CSRF vulnerability found in doorkeeper, a gem used by the oc-id service that ships with the Chef Server. This release updates oc-id to the latest version, 0.4.4, which contains the patched doorkeeper gem.
Read moreChef Client Windows Patches for OpenSSL CVE-2014-0224 Vulnerability
By Serdar Sutay
Ohai Chefs, We have just released Chef Client versions 11.12.8-2 and 10.32.2-3 which includes the mitigation for the recently reported OpenSSL vulnerability CVE-2014-0224. Note that after installing these builds, if you check the OpenSSL version using `OpenSSL::OPENSSL_VERSION` you will see `OpenSSL 1.0.0k 5 Feb 2013`.
Read moreChef Security Releases: 11.12.8 & 10.32.2-2
By Serdar Sutay
Ohai Chefs, Today we are releasing Chef Client 11.12.8 & 10.32.2-2 which include an updated version of OpenSSL that patches CVE-2014-0224. All installs of Chef Client should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.
Read more