puzzle_blog

Chef 0.10.2 and 0.9.18 released!

Avatar

By

Chef 0.10.2 and 0.9.18 have been released on RubyGems. This is a critical
security update to Chef Server and it is recommended that all open-source Chef
Server users upgrade as soon as possible. Users of Opscode’s Hosted Chef and
Private Chef are not affected. For those unable to upgrade the patch is
available on GitHub.

The issue (CHEF-2436) being patched is that non-admin clients in the open-source server were
able to upload and delete cookbooks. This could potentially allow privilege
escalation in an already compromised network. No known exploits exist at this
time.

Chef 0.10.2 contains only the relevant security fix. Chef 0.9.18 contains the
security fix as well as the following bug fixes:

  • CHEF-2234: dpkg package provider ignores ~ in versions
  • CHEF-2129: Old zypper versions will crash because they don’t know the command line arguments
  • CHEF-2367: Support multiple lines in DAEMONS list in rc.conf on Arch linux
  • CHEF-2274: Shef does not seem to include the chef libraries
Posted in:

Noah Kantrowitz

Former Chef Employee

Categories

INTERNET US

Company
Using Chef
Legal
Connect with us
Contact Us

Chef is part of the Progress product portfolio. Progress is the leading provider of application development and digital experience technologies.

Copyright © 2024 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.

Progress, Telerik, Ipswitch, Chef, Kemp, Flowmon, MarkLogic, Semaphore and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

Do Not Sell or Share My Personal Information

Powered by Progress Sitefinity