Wednesday, December 4, 2013

Chef Server Security Updates [feedly]

Chef Server Security Updates
http://feedly.com/e/r1Za2C-j

This morning we released Enterprise Chef Server 11.0.2 and Chef Server 11.0.10. We recommend all users upgrade to these new versions to pick up the following security fixes:

  • Nginx [CVE-2013-4547] – security restriction bypass flaw due to whitespace parsing
  • Solr [CHEF-4792] – Disable insecure JMX settings leading to potential remote code execution
  • Rails [CVE-2013-4389] – Possible DoS Vulnerability in Action Mailer
  • Ruby 1.9.2 [CVE-2013-4164] – Heap Overflow in Floating Point Parsing

A special thanks goes to James Ogden of Technophobia for alerting us to the JMX vulnerability.
