Supermarket 3.1.51 released and contains security updates


Supermarket 3.1.51 was released today and is available for download at https://downloads.chef.io/supermarket. This release contains security updates and is a recommended upgrade.

Security Fixes

  • upgrade version of omnibus-embedded nginx #1706 (robbkidd)
    • Addresses the following CVEs:
      • CVE-2016-4450 - denial of service via crafted request involving writing a client request body to a temporary file
      • CVE-2016-0747 - denial of service via vectors related to name resolution
      • CVE-2016-0746 - denial of service via crafted DNS response related to CNAME processing
      • CVE-2016-0742 - denial of service via crafted UDP DNS response