Chef Mailing Lists - Archives
Please visit https://discourse.chef.io to subscribe
Please visit https://discourse.chef.io to subscribe
Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay
SubscribeOwners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay
Unsubscribe
Info
Archive
RSS
Shared documents
- From: Tucker < >
- To: " " < >
- Subject: [chef] Re: Re: Re: Re: Chef server & heartbleed
- Date: Wed, 9 Apr 2014 11:29:03 -0700
Just so no one is confused by this:
Updating the openssl package(s) on the system(s) running Chef server has no bearing on this. Chef Server comes with an embedded copy of openssl and that version is vulnerable. Anyone running an open source Chef server will want to update once this has been released (or at least patch the embedded openssl source files). This goes double for anyone who has a Chef public on the interwebs.
On Wed, Apr 9, 2014 at 10:44 AM, JOHN HASTY <
" target="_blank">
> wrote:
At our scrum this morning, our security person said that no RHEL official version of OpenSSL contains the vulnerability. So unless someone compiled it from source code, it should be good.
The bad news is that the latest Fedora installations do have it.
JOHN HASTY
Software as a Service - DevOps
Software Group
Phone: 1-512-804-9968
E-mail: " target="_blank">
2407 S Congress Ave Ste E-350
Austin, TX 78704
United States
Tucker ---04/09/2014 11:29:30 AM---Any update on this? The blog has chef client updates but I've yet to see anything on server.
From: Tucker < " target="_blank"> >
To: " " target="_blank"> " < " target="_blank"> >,
Date: 04/09/2014 11:29 AM
Subject: [chef] Re: Re: Chef server & heartbleed
Any update on this? The blog has chef client updates but I've yet to see anything on server.
On Tue, Apr 8, 2014 at 8:15 AM, Adam Jacob < " target="_blank"> > wrote:Cutting releases today. Full announcement soon.
On Apr 8, 2014 8:14 AM, "Daniel Givens" < " target="_blank"> > wrote:
It looks like openssl in the latest Chef server package for Ubuntu (haven’t checked EL) is vulnerable to the Heartbleed[1] exploit. Any word on when an update will be made available?
Thanks!
Daniel
[1] http://heartbleed.com/
--
--tucker
--tucker
- [chef] Chef server & heartbleed, Daniel Givens, 04/08/2014
- [chef] Re: Chef server & heartbleed, Adam Jacob, 04/08/2014
- [chef] Re: Re: Chef server & heartbleed, Tucker, 04/09/2014
- [chef] Re: Re: Re: Chef server & heartbleed, Adam Jacob, 04/09/2014
- [chef] Re: Re: Re: Chef server & heartbleed, JOHN HASTY, 04/09/2014
- [chef] Re: Re: Re: Re: Chef server & heartbleed, Tucker, 04/09/2014
- [chef] Re: Re: Re: Re: Chef server & heartbleed, Michael Glenney, 04/09/2014
- [chef] Re: Re: Re: Re: Chef server & heartbleed, Michael Glenney, 04/09/2014
- [chef] Re: Re: Re: Re: Re: Chef server & heartbleed, Stephen Delano, 04/09/2014
- [chef] Re: Re: Re: Re: Re: Re: Chef server & heartbleed, Tucker, 04/09/2014
- [chef] Re: Re: Re: Re: Re: Re: Chef server & heartbleed, Tucker, 04/09/2014
- [chef] Re: Re: Re: Re: Re: Re: Chef server & heartbleed, Tucker, 04/09/2014
- [chef] Re: Re: Re: Re: Re: Re: Re: Chef server & heartbleed, Stephen Delano, 04/09/2014
- [chef] Re: Chef server & heartbleed, Michael Hart, 04/09/2014
- [chef] Re: Re: Chef server & heartbleed, Daniel DeLeo, 04/09/2014
- [chef] Re: Re: Re: Re: Re: Chef server & heartbleed, Stephen Delano, 04/09/2014
- [chef] Re: Re: Re: Re: Chef server & heartbleed, Michael Glenney, 04/09/2014
- [chef] Re: Re: Re: Re: Re: Re: Re: Chef server & heartbleed, Nick Silkey, 04/10/2014
- [chef] Re: Re: Chef server & heartbleed, Tucker, 04/09/2014
- [chef] Re: Chef server & heartbleed, Adam Jacob, 04/08/2014
Archive powered by MHonArc 2.6.16.