- From: Daniel DeLeo <
>
- To:
- Cc:
- Subject: [chef] Re: Re: Chef 0.10.2 and 0.9.18 released!
- Date: Wed, 29 Jun 2011 13:09:27 -0700
On Wednesday, June 29, 2011 at 1:07 PM, Jason J. W. Williams wrote:
>
Anything besides "gem install chef-server chef" required for 0.10.0 install?
>
>
-J
If you've installed from gems, gem install chef-server plus a reboot of
chef-server should do it.
We'll get apt packages out as soon as we can.
--
Dan DeLeo
>
>
On Wed, Jun 29, 2011 at 1:51 PM, Noah Kantrowitz
>
<
>
>
(mailto:
)>
>
wrote:
>
> Chef 0.10.2 and 0.9.18 have been released on RubyGems. This is a critical
>
> security update to Chef Server and it is recommended that all
>
> open-source Chef
>
> Server users upgrade as soon as possible. Users of Opscode's Hosted Chef
>
> and
>
> Private Chef are not affected. For those unable to upgrade the patch is
>
> available on GitHub:
>
> https://github.com/opscode/chef/commit/a4ea6edab2fecb922f999cffb0daa04eeeec7a26#diff-0.
>
>
>
> The issue being patched is that non-admin clients in the open-source
>
> server were
>
> able to upload and delete cookbooks. This could potentially allow
>
> privilege
>
> escalation in an already compromised network. No known exploits exist at
>
> this
>
> time.
>
>
>
> Chef 0.10.2 contains only the relevant security fix. Chef 0.9.18
>
> contains the
>
> security fix as well as the following bug fixes:
>
>
>
> * CHEF-2234: dpkg package provider ignores ~ in versions
>
> * CHEF-2129: Old zypper versions will crash because they don't know the
>
> commandline arguments
>
> * CHEF-2367: Support multiple lines in DAEMONS list in rc.conf on Arch
>
> linux
>
> * CHEF-2274: Shef does not seem to include the chef libraries
Archive powered by MHonArc 2.6.16.