Security Vulnerabilities: SA-CORE-2019-003 - Drupal 8 Core, Drupal 7 plugins

SA-CORE-2019-003 - Highly critical - Remote Code Execution

Popular CMS platform Drupal recently announced a highly critical security vulnerability: SA-CORE-2019-003. This vulnerability allows for remote code execution on an exploited server. It is rated Highly Critical, and mass exploits are now being reported in the wild!

Security Vulnerabilities: SA-CORE-2018-006 - Drupal 7.x & Drupal 8.x

SA-CORE-2018-006 - Multiple Vulnerabilities in Drupal 7 & 8

Popular CMS platform Drupal has just announced that versions of Drupal 7 prior to 7.60 and Drupal 8 prior to 8.5.8 and/or 8.6.2 are affected by SA-CORE-2018-006. For more info on the vulnerabilities, please see the relevant Drupal advisory.

Security update regenerates stale SSH ECDSA host key

Peter Lieven from KAMP.de discovered a problem with TurnKey 13.0 where the OpenSSH ECDSA key is not regenerated on firstboot like the RSA and DSA host keys.

We've issued a signed hotpatch to TurnKey Core 13.0 that regenerates the ECDSA SSH host key. TurnKey deployments that have not disabled automatic security updates (they're on by default) will have their ECDSA SSH host key regenerated automatically within the next 24 hours.

And then there were three...

Hi all! This is my virgin TurnKey blog post. Many of you on the forums would have come across me in your travels no doubt. I have been a volunteer serial poster on the forums now for many years. I have even had the privilege of having a blog post written about me by Liraz (one of the core TurnKey devs).

TurnKey 13 critical security issue (Heartbleed / CVE-2014-0160)

Without action, your TurnKey 13 installations may remain vulnerable to the critical Heartbleed OpenSSL attack (DSA-2896-1 CVE-2014-0160). This is not a theoretical attack.