Important security notice: Your TurnKey system may no longer be receiving automatic security updatesLiraz Siri - Thu, 2011/06/16 - 19:37 - 5 comments | Latest by Liraz Siri
I have some bad news and some good news. The bad news is that if your TurnKey installation is older than 2 weeks you may no longer be receiving security updates.
The good news is that you are reading this and there is a very easy fix. Either reboot your system, or log in and restart the cron service:
Until you start recron, security updates and other scheduler related services (e.g., daily backups) will not work.
According to a routine report generated from the access logs on our security repository, there are currently thousands of TurnKey installations affected by this issue. Those systems are not getting automatic security updates. There's no immediate risk, but that could quickly change if a remote vulnerability is discovered in the time it takes whomever is responsible for the server to figure this out.
Make sure we can always reach you
There's moral in all of this: make sure we can always reach you somehow.
Sure, usually we don't need to get your attention regarding security issues because TurnKey is configured to auto-install updates, but as this incident shows, we can't rely on that always working.
This time we can't fix the issue on our side, since it effects the very auto-update mechanism that's usually used to fix security issues.
The best we can do is try to reach out to users and inform them that there is an issue that they need to manually intervene to resolve. Hopefully we can get through to anyone subscribed to this blog or the News and Security announcements newsletter, or that has a Hub account.
In any case, we'll soon find out from the logs on the security repository just how many of our users we can or can't reach.