----
Chef Client Windows Patches for OpenSSL CVE-2014-0224 Vulnerability
// Chef Blog
Ohai Chefs,
We have just released Chef Client versions 11.12.8-2 and 10.32.2-3 which includes
the mitigation for the recently reported OpenSSL vulnerability
CVE-2014-0224.
Note that after installing these builds, if you check the OpenSSL version using
OpenSSL::OPENSSL_VERSION you will see OpenSSL 1.0.0k 5 Feb 2013. This is
because we are using pre-compiled binaries for windows packages and OpenSSL
version is set during the compile time.
You can verify that you have the right version of OpenSSL on your windows nodes
by checking the properties of libeay32.dll & ssleay32.dll files under
C:\opscode\chef\embedded\bin directory. You should see 1.0.0m as the
Product Version in Details tab. See the screenshot below as an example:
As usual you can get these releases for non-windows platforms using commands below:
curl -L https://www.opscode.com/chef/install.sh | sudo bash -s -- -v 10.32.2 curl -L https://www.opscode.com/chef/install.sh | sudo bash -s -- -v 11.12.8
For Windows releases you can use these links:
----
Shared via my feedly reader
Sent from my iPhone
No comments:
Post a Comment