Announcements from Opscode

[opscode-announce] Release Announcement: Security Vulnerability Releases of Chef Server


Chronological Thread 
  • From: Chef Release Announcements <no-reply.2cf8t@zapiermail.com>
  • To: opscode-announce@lists.opscode.com
  • Cc:
  • Subject: [opscode-announce] Release Announcement: Security Vulnerability Releases of Chef Server
  • Date: Thu, 26 Jun 2014 20:44:58 -0000
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=zapiermail.com; s=pic; q=dns; h=Content-Type: Mime-Version: Subject: From: To: Cc: Date: Message-Id: Reply-To: Sender; b=Q8Mh1j8WyclTca+QUj9pBzJQOqxtT7eGy3WHu0fvZSN75uvYdZvUbr9DOreMtBrfNFiTNG SpT9NzzgnChvhoMUO1zddzK9AhcGZDfS+zcP1HRMIf+eComoAgXL7f3d9POVdTRO39GWIKAM LSFXkv40MbpoGjXJF3Q9xLH0weaRI=

Hello,


Today we are releasing new versions of Enterprise Chef Server and Open Source Chef Server to address a PostgreSQL configuration vulnerability error.


The defect allows any local user on the system hosting the Chef Server’s PostgreSQL components full access to databases.


We advise all Chef Server users to update to this latest release which corrects the error.


This error was discovered and reported by our friends at Gitlab.


Affected versions:


All versions of Enterprise Chef Server 11 are affected. If this impacts you, go here.


All versions of Enterprise Chef Server 1.4 are affected. If this impacts you, go here.


All versions of Open Source Chef Server 11 are affected. If this impacts you, go here.


Please contact us with any questions or concerns.


Joseph Smith

Joseph Smith




http://www.getchef.com/blog/2014/06/26/security-vulnerability-releases-of-chef-server/



---------------------------------------------------------------------------
Visit this link to stop these emails: http://zpr.io/H5hv


Archive powered by MHonArc 2.6.16.

§