Security Vulnerabilities: SA-CORE-2018-005 - Drupal 8.x & CVE-2018-14773 - Symfony

SA-CORE-2018-005 - Drupal 8

Popular CMS platform Drupal recently announced that versions of Drupal 8 prior to 8.5.6 are affected by SA-CORE-2018-005 / CVE-2018-14773 (more CVE details below). Drupal 8 uses components from the Symfony framework, so it is affected by this Symfony bug.

Security update regenerates stale SSH ECDSA host key

Peter Lieven from KAMP.de discovered a problem with TurnKey 13.0 where the OpenSSH ECDSA key is not regenerated on firstboot like the RSA and DSA host keys.

We've issued a signed hotpatch to TurnKey Core 13.0 that regenerates the ECDSA SSH host key. TurnKey deployments that have not disabled automatic security updates (it's on by default) will have their ECDSA SSH host key regenerated automatically within the next 24 hours.

And then there were three...

Hi all! This is my virgin TurnKey blog post. Many of you on the forums would have come across me in your travels, no doubt. I have been a volunteer serial poster on the forums now for many years. I have even had the privilege of having a blog post written about me by Liraz (one of the core TurnKey devs).

TurnKey 13 critical security issue (Heartbleed / CVE-2014-0160)

Without action, your TurnKey 13 installations may remain vulnerable to the critical Heartbleed OpenSSL attack (DSA-2896-1 CVE-2014-0160). This is not a theoretical attack.