[chef] Re: Re: Re: Re: Chef server & heartbleed

[Michael Glenney < >]

That's not the case. RHEL OpenSSL was certainly affected. We received errata and had to patch.

Sent from my iPhone

On Apr 9, 2014, at 10:44 AM, JOHN HASTY < "> > wrote:

At our scrum this morning, our security person said that no RHEL official version of OpenSSL contains the vulnerability. So unless someone compiled it from source code, it should be good.

The bad news is that the latest Fedora installations do have it.



JOHN HASTY
Software as a Service - DevOps
Software Group

Phone: 1-512-804-9968 E-mail:  " target="_blank">	<32787972.gif> 2407 S Congress Ave Ste E-350 Austin, TX 78704 United States

<graycol.gif>Tucker ---04/09/2014 11:29:30 AM---Any update on this?  The blog has chef client updates but I've yet to see anything on server.

From: Tucker < "> >
To: " "> " < "> >,
Date: 04/09/2014 11:29 AM
Subject: [chef] Re: Re: Chef server & heartbleed

---

Any update on this?  The blog has chef client updates but I've yet to see anything on server.


On Tue, Apr 8, 2014 at 8:15 AM, Adam Jacob < " target="_blank"> > wrote:

Cutting releases today. Full announcement soon.

On Apr 8, 2014 8:14 AM, "Daniel Givens" < " target="_blank"> > wrote:

It looks like openssl in the latest Chef server package for Ubuntu (haven’t checked EL) is vulnerable to the Heartbleed[1] exploit. Any word on when an update will be made available?

Thanks!

Daniel

[1] http://heartbleed.com/

--

--tucker