Announcements from Opscode

[opscode-announce] Release Announcement: Security Vulnerability Releases of Chef Server


Chronological Thread 
  • From: Chef Release Announcements <no-reply.2cf8t@zapiermail.com>
  • To: opscode-announce@lists.opscode.com
  • Cc:
  • Subject: [opscode-announce] Release Announcement: Security Vulnerability Releases of Chef Server
  • Date: Thu, 26 Jun 2014 20:44:19 -0000
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=zapiermail.com; s=pic; q=dns; h=Content-Type: Mime-Version: Subject: From: To: Cc: Date: Message-Id: Reply-To: Sender; b=jYVRF6ciqjSZtrv22dXuYTroJU/Z2UvEYdBGDWX6w7BLXez8opmJ7dlFyhQu9jAc0JGMyS iSa36RO1uZ8/CItU0YMRvrBS+Il2V5jXzLgPQMsUbSrOZSgIUidkEmH5Qr24Y6+aPaLdQs5U VdimgMkmmBLa/c6uk8soy3OBlNTVU=

Hello,


Today we are releasing new versions of Enterprise Chef Server and Open Source Chef Server to address a PostgreSQL configuration vulnerability error.


The defect allows any local user on the system hosting the Chef Server’s PostgreSQL components full access to databases.


We advise all Chef Server users to update to this latest release which corrects the error.


This error was discovered and reported by our friends at Gitlab.


Affected versions:


All versions of Enterprise Chef Server 11 are affected. If this impacts you, go here.


All versions of Enterprise Chef Server 1.4 are affected. If this impacts you, go here.


All versions of Open Source Chef Server 11 are affected. If this impacts you, go here.


Please contact us with any questions or concerns.


Joseph Smith

Joseph Smith




http://www.getchef.com/blog/2014/06/26/security-vulnerability-releases-of-chef-server/



---------------------------------------------------------------------------
Visit this link to stop these emails: http://zpr.io/H5hv


Archive powered by MHonArc 2.6.16.

§