Blog Tags: 

Webmin remote exploit/vulnerability does NOT affect TurnKey

It has come to our attention that a number of Webmin releases include a vulnerability that could allow a remote attacker to take control of a server with a vulnerable version of Webmin installed. Alarmingly:

v15.x - Updated apps, plus new Redis appliance

Bugfixes and Updates

We have published a number of updated appliances since my last appliance updates blog post (all the way back in February!?). This post is well overdue and in fact a few of the appliances have been updated multiple times... Please read on about the new Redis appliance. And/or read about the updated appliances and the relevant changes of significance.

All of these appliances are now available to download from their relevant appliance pages (links provided in each entry). They are also available to run in the cloud from the TurnKey Hub and/or for Proxmox within the storage templates section. The most June updates will also be available from AWS Marketplace ASAP; the earlier updates should be available already.

New TurnKey appliance versioning regime

Updated Appliance Versioning

Users who have been using TurnKey for a while, may have noticed that the release cycle of TurnKey appliances has changed in more recent times. Since version 14.2, we quietly implemented a new versioning regime which allows for appliances to released individually, i.e. be on different versions. This allows us to update specific appliances as needed, rather than needing to wait and do them all in a batch. I've been meaning to explicitly share this info for a while now, so here we go...!

Debian 7/Wheezy & 8/Jessie backports repos archived

Ever vigilant TurnKey community member, John Carver (aka Dude4Linux), has again bought to our attention an issue worth addressing. In a recent bug report John notes that the Debian old-old-stable (7/Wheezy) and old-stable (8/Jessie) backports apt repositories have now been archived.

Ideally v13.x & v14.x TurnKey users are advised to update/migrate their data to the relevant current v15.x release of their appliance. If you need a hand with that, please do not hesitate to start a new thread on the forums (new threads require a free website user account; if you have any troubles posting please let us know). But if that's not an option right now, to avoid errors jamming up your apt logs, TurnKey v13.x and v14.x users are advised to make an adjustment to their servers.

v15.x - 12 Updated Appliances, plus New OpenCart Appliance

Bugfixes and Updates

There are 13 12 Appliances that have recently been updated, and one new appliance; OpenCart.

Some appliances include security related updates, some include bugfixes, some include both.

Security Vulnerabilities: SA-CORE-2019-003 - Drupal 8 Core, Drupal 7 plugins

SA-CORE-2019-003 - Highly critical - Remote Code Execution

Popular CMS platform Drupal recently announced a highly critical security vulnerability: SA-CORE-2019-003. This vulnerability allows for remote code execution on an exploited server. It is rated Highly Critical and mass exploits are now being reported in the wild!

v15.1 Appliance Updates and Bugfixes - 70+ Rebuilt and Updated Apps

In the wake of the "mini-nightmare" (to quote a user) that was the Debian MariaDB auto removal fiasco; we're back with ~70 updated appliances (all the ones with MySQL/MariaDB). They include all the latest Debian packages.

Debian security update breaks v15.x LAMP based servers!

UPDATE: v15.1 update & bugfix release is now available. New versions of all affected appliances can now be downloaded.

Security Vulnerabilities: SA-CORE-2018-006 - Drupal 7.x & Drupal 8.x

SA-CORE-2018-006 - Multiple Vulnerabilities in Drupal 7 & 8

Popular CMS platform Drupal have just announced that versions of Drupal 7 prior to 7.60 and Drupal 8 prior to 8.5.8 and/or 8.6.2 are affected by SA-CORE-2018-006. For more info on the vulnerabilities, please see the relevant Drupal advisory.

v15.0 Stable Release #4 - final appliance roundup

I'm pleased to announce the 4th and final stage of the v15.0 release. This final instalment consists of 31 new, updated and/or bugfixed appliances. It follows release parts 1, 2 and 3. As per stage 2; it includes the appliances in all available build types. It includes a brand new video hosting appliance; YouPHPTube, as well as bugfix releases of a number of v15.0 appliances (as v15.1/v15.2). It also hails an update to the Hub which makes v15.x appliances the default option when launching new servers. Read on from more info, or jump straight to the links.

turnkey 15.0 banner

Pages