Ohai Chefs, Today we are releasing Chef Client 11.12.8 & 10.32.2-2 which include an updated version of OpenSSL that patches CVE-2014-0224. All installs of Chef Client should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

On Thursday June 5th at approximately 14:00 UTC, the CHEF engineering team was made aware of OpenSSL CVE-2014-0224. A bug in the OpenSSL framework could permit a MITM attack under certain circumstances using a carefully constructed request. Due to the nature of this vulnerabilty, we recommend that you upgrade your installations immediately.

Open Source Chef Server 11.1.1 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Open Source Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Enterprise Chef Server 11.1.6 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Enterprise Chef Server 1.4.11 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

The Chef Community delivers yet again. John Ewart, a system architect, software developer, and lecturer based in California, recently published, “Managing Windows Servers with Chef” which can be purchased here.

Our good friends at Adobe have been awesome about providing technical insight into their use of Chef in the past. Yesterday, their lead security strategist Peleus Uhley, continued this trend with a very informative blog detailing Chef-automated security testing in Adobe’s private cloud infrastructure.

Our friends at Riot Games have been awesome enough to tell their story at a number of Chef events, and even took us to school in a “Riot Rumble” here at Chef HQ last year. So it’s especially delightful to see Riot profiled in the Harvard Business Review.

We’re excited to announce the release of knife-hp  0.4.0, a major update to the plugin refactored to support the HP Helion Public Cloud version 13.5 release. HP’s API has changed to support a number of new OpenStack features (with many more to come), so the usage of the plugin has changed quite a bit.