Ohai Compliance friends,
Chef Compliance 1.11.6 is now available from the Chef downloads site. This is a patch release update which is recommended for all users of Chef Compliance. It contains a number of vulnerability fixes for Ruby:
Bug fixes:
- CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
- CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
- CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
- CVE-2017-14064: Heap exposure in generating JSON
Upgrade instructions
Upgrade instructions for Chef Compliance are found here. Download is available at the Chef downloads site.
– Dominik