[chef] Re: Re: Re: Re: Re: Re: Re: Chef server & heartbleed

[Stephen Delano < >]

The upgrade instructions now linked in the blog post at http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ mention that a restart is required after the upgrade. Thanks for pointing this out.

Here are the instructions if you don't want to be clicking around: http://docs.opscode.com/upgrade_server_open_source.html#upgrade-to-newer-versions-of-chef-server-11

Cheers,

Stephen

On Wed, Apr 9, 2014 at 3:17 PM, Tucker < " target="_blank"> > wrote:

Two more comments and then I'm done, I swear:

* "chef-server-ctl reconfigure" doesn't reload the openssl libs.  You have to do a restart.  The blog post should mention that.

* Confirmed fixed after a restart.

Thanks!

On Wed, Apr 9, 2014 at 3:13 PM, Tucker < " target="_blank"> > wrote:

Installing using rpm works but that makes yum sad.

On Wed, Apr 9, 2014 at 3:08 PM, Tucker < " target="_blank"> > wrote:

Perhaps I'm crazy but I've tested this on two servers and the package looks bad:

# yum install https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.12-1.el6.x86_64.rpm

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

Setting up Install Process

chef-server-11.0.12-1.el6.x86_64.rpm                                                                                                                                                                    | 197 MB     00:16     

Examining /var/tmp/yum-root-abmR0f/chef-server-11.0.12-1.el6.x86_64.rpm: chef-server-11.0.12-1.el6.x86_64

Cannot install package chef-server-11.0.12-1.el6.x86_64. It is obsoleted by installed package chef-server-11.0.10-1.el6.x86_64

Error: Nothing to do

On Wed, Apr 9, 2014 at 1:56 PM, Stephen Delano < " target="_blank"> > wrote:

Builds of the Open Source Chef Server are ready to download now. They should be available via http://getchef.com/chef/install. I'll be posting a blog post for all the server releases in a just a few minutes. Cheers!

On Wed, Apr 9, 2014 at 1:21 PM, Michael Glenney < " target="_blank"> > wrote:

Let me clarify. RHEL 6 only. 6.4 or .5 and above. RHEL5 is fine

Sent from my iPhone

On Apr 9, 2014, at 1:19 PM, Michael Glenney < " target="_blank"> > wrote:

That's not the case. RHEL OpenSSL was certainly affected. We received errata and had to patch.

Sent from my iPhone

On Apr 9, 2014, at 10:44 AM, JOHN HASTY < " target="_blank"> > wrote:

At our scrum this morning, our security person said that no RHEL official version of OpenSSL contains the vulnerability. So unless someone compiled it from source code, it should be good.

The bad news is that the latest Fedora installations do have it.



JOHN HASTY
Software as a Service - DevOps
Software Group

Phone: 1-512-804-9968 E-mail:  " target="_blank">	<32787972.gif> 2407 S Congress Ave Ste E-350 Austin, TX 78704 United States

<graycol.gif>Tucker ---04/09/2014 11:29:30 AM---Any update on this?  The blog has chef client updates but I've yet to see anything on server.

From: Tucker < " target="_blank"> >
To: " " target="_blank"> " < " target="_blank"> >,
Date: 04/09/2014 11:29 AM
Subject: [chef] Re: Re: Chef server & heartbleed

---

Any update on this?  The blog has chef client updates but I've yet to see anything on server.


On Tue, Apr 8, 2014 at 8:15 AM, Adam Jacob < " target="_blank"> > wrote:

Cutting releases today. Full announcement soon.

On Apr 8, 2014 8:14 AM, "Daniel Givens" < " target="_blank"> > wrote:

It looks like openssl in the latest Chef server package for Ubuntu (haven’t checked EL) is vulnerable to the Heartbleed[1] exploit. Any word on when an update will be made available?

Thanks!

Daniel

[1] http://heartbleed.com/

--

--tucker

--
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104

--

--tucker

--

--tucker

--

--tucker

-- 
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104