Blog-Icon_6_100x385

Private Chef 1.4.7 Release

This security release includes fixes for the following:

libyaml 0.1.5
[CVE-2013-6393] – ml_parser_scan_tag_uri function in scanner.c performs incorrect cast

OpenSSL 1.0.1f
[CVE-2013-4353] – allows remote TLS servers to cause a denial of service

Nginx 1.4.4
[CVE-2013-2070] – when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service
[CVE-2013-4547] – allows remote attackers to bypass intended restrictions via an unescaped space character in a URI

Ruby 1.9.3-p484
[CVE-2013-4164] – heap-based buffer overflow allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value

PostgreSQL 9.1.9
[CVE-2013-1899] – allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code
[CVE-2013-1900] – when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the “contrib/pgcrypto functions”
[CVE-2013-1901] – does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions
[CVE-2013-1902] – generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to “graphical installers for Linux and Mac OS X”
[CVE-2013-1903]- incorrectly provides the superuser password to scripts related to “graphical installers for Linux and Mac OS X,” which has unspecified impact and attack vectors

Joseph Smith

Join Automate for Good hackathon and be eligible to win $60000 in prizes
chefconf-banner
image_334

FOLLOW @CHEF