TurnKey Linux Virtual Appliance Library
Low-traffic Security and News Announcements: up to one email a month (usually less). Leave this checked if you subscribed your email address to the newsletter before creating a user account.

CVE-2014-0235 GHOST: reboot or restart services

A remotely exploitable, 14 year old bug in glibc has reared its ugly head: CVE-2014-0235

Security updates have been pushed out automatically, courtesy of Debian to TurnKey 13 installations. TurnKey 12 installations that have enabled Squeeze LTS support have also received an update.

The catch is that running services need to be restarted for the security update to take effect.

Read more:

http://www.turnkeylinux.org/blog/ghost-cve-2015-0235

SSH security issue, new apps, BitKey for Bitcoin, an epiphany on values and other stories

Round of announcements:

  1. Security update regenerates stale SSH ECDSA host key

    Thanks to Peter Lieven from KAMP.de for discovering a stale ECDSA host key which was leftover from the build process. We've issued a security update to regenerate it automatically within the next 24 hours:

    http://www.turnkeylinux.org/blog/ssh-ecdsa-security-update

  2. We have 16 new apps lined up for the upcoming 13.1 release: