Candidate: CVE-2015-8559
PublicDate: 2017-09-21 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8559
 https://github.com/chef/chef/issues/3871
 http://www.openwall.com/lists/oss-security/2015/12/14/10
Description:
 The knife bootstrap command in chef Infra client before version 15.4.45
 leaks the validator.pem private RSA key to /var/log/messages.
Ubuntu-Description:
Notes:
 leosilva> workaround using validatorless bootstrapping
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_chef:
 upstream: https://github.com/chef/chef/pull/8885/commits/6d8fa463cde53431ea0651bb7386e6411e8fca29
upstream_chef: needs-triage
precise_chef: DNE
precise/esm_chef: DNE
trusty_chef: ignored (out of standard support)
trusty/esm_chef: needed
vivid_chef: ignored (reached end-of-life)
vivid/stable-phone-overlay_chef: DNE
vivid/ubuntu-core_chef: DNE
wily_chef: ignored (reached end-of-life)
xenial_chef: ignored (end of standard support, was needed)
yakkety_chef: ignored (reached end-of-life)
zesty_chef: ignored (reached end-of-life)
artful_chef: ignored (reached end-of-life)
bionic_chef: needed
cosmic_chef: ignored (reached end-of-life)
disco_chef: ignored (reached end-of-life)
eoan_chef: ignored (reached end-of-life)
focal_chef: not-affected
groovy_chef: DNE
hirsute_chef: DNE
impish_chef: DNE
jammy_chef: DNE
devel_chef: DNE