Popular CMS platform Drupal recently announced a highly critical security
vulnerability: SA-CORE-2019-003. This vulnerability allows for remote
code execution on an exploited server. It is rated Highly Critical and
mass exploits are now being reported in the wild!
SA-CORE-2018-006 - Multiple Vulnerabilities in Drupal 7 & 8
Popular CMS platform Drupal have just announced that versions of Drupal 7 prior to 7.60 and Drupal 8 prior to 8.5.8 and/or 8.6.2 are affected by SA-CORE-2018-006. For more info on the vulnerabilities, please see the relevant Drupal advisory.
Peter Lieven from KAMP.de discovered a problem with TurnKey 13.0 where the OpenSSH ECDSA key is not regenerated on firstboot like the RSA and DSA host keys.
We've issued a signed hotpatch to TurnKey Core 13.0 that regenerates the ECDSA SSH host key. TurnKey deployments that have not disabled automatic security updates (it's on by default) will have their ECDSA SSH host key regenerated automatically within the next 24 hours.
Hi all! This is my virgin TurnKey blog post. Many of you on the forums would have come across me in your travels no doubt. I have been a volunteer serial poster on the forums now for many years. I have even had the privilege of having a blog post written about me by Liraz (one of the core TurnKey devs).
Without action, your TurnKey 13 installations may remain vulnerable to the critical Heartbleed OpenSSL attack (DSA-2896-1CVE-2014-0160). This is not a theoretical attack.