TurnKey Linux Virtual Appliance Library

CVE-2016-4340: Privilege escalation via "impersonate" feature in existing v14.0/1 GitLab deployments

It has come to our attention that existing deployments of TurnKey GitLab (versions 14.0 & 14.1) are vulnerable to CVE-2016-4340, a critical security issue that allows authenticated users to escalate their privileges to that of an Administrator.

This issue has been fixed with many others by the GitLab project, as detailed in the 2016-05-02 GitLab Security Advisory.

Due to the seriousness of the issue, new builds of TurnKey GitLab have been published today so new deployments are not vulnerable.

Unfortunate

TurnKey Magento NOT vulnerable to CVE-2016-4010 remote PHP code execution

Thanks to vondrt4 for bringing CVE-2016-4010 to our attention. This was a potentially critical vulnerability in Magento that turns out not to apply to TurnKey Magento, because it only effects Magento versions 2.0 - 2.0.5. The current version of TurnKey Magento is based on Magento 1.9.X.

v14.1 Release - Bugfixes, Maintenance and More

About seven months after the release of v14.0 we are proud to announce the updated v14.1 release.

turnkey 14.0 banner

All of the v14.1 appliances are available for immediate launch in the cloud via the Hub. Amazon MarketPlace builds are on the way too although no ETA at present. All the other builds (e.g. ISO, OVA, Xen, etc.) can be downloaded from their respective appliance pages (eg. LAMP, WordPress Node.js etc). Alternatively the entire library can be downloaded via one of our mirrors.

New Community Built Appliance: TurnKey Odoo

I am excited to announce TurnKey's latest addition; Odoo (formerly OpenERP) appliance. Odoo is a comprehensive ERP (Enterprise Resource Management) system built with Python. Get it now via the Odoo appliance page.

Odoo Official Logo

CVE-2015-8103: Critical remotely exploitable security hole in existing TurnKey Jenkins deployments

Thanks to ElColmo it has come to our attention that existing deployments of TurnKey Jenkins are still vulnerable to CVE-2015-8103, a critical issue that allows remote code execution by unauthenticated users.

This issue has been fixed with many others by the Jenkins project, as detailed in the  2015-11-11 Jenkins Security Advisory.

v14.0 stable release - Massive Community Effort!

Drum roll please... May I proudly introduce: The TurnKey Linux v14.0 release!

turnkey 14.0 banner

A long time coming...

Wow is it mid September already!? What has happened to the year?!

Marching towards v14.0 RC2

Update: v14.0 stable is available in all build types: OVA & VMDK, Proxmox, OpenNode & Docker (Proxmox build is somewhat generic LXC/OpenVZ container) and Xen & OpenStack.

As anyone who has been paying attention would realise; v14.0RC1 has been out for over a month now.

TurnKey v14.0 RC1 is LIVE! (aka we need YOU!)

Update: v14.0 stable is available in all build types: OVA & VMDK, Proxmox, OpenNode & Docker (Proxmox build is somewhat generic LXC/OpenVZ container) and Xen & OpenStack.

It is with great pleasure that I announce the release of Core v14.0RC1 and TKLDev v14.0RC1! But first a little history and context...

And then there were three...

Hi all! This is my virgin TurnKey blog post. Many of you on the forums would have come across me in your travels no doubt. I have been a volunteer serial poster on the forums now for many years. I have even had the privilege of having a blog post written about me by Liraz (one of the core TurnKey devs).

Announcing TurnKey Docker optimized builds

docker logoAs we've mentioned before, making TurnKey easy to deploy no matter your platform of choice is an important goal for the project. TurnKey already supports a mirade of build types including ISO, VMDK, OVF, Amazon EC2, OpenStack, OpenVZ, OpenNode, Xen, and recently added support for LXC.