Jeremy Davis's picture

DRUPAL SECURITY ALERT

Drupal 7 & 8 (as well as 6) are vulnerable to a highly critical security issue known as SA-CORE-2018-002.

A brief overview with links to additional information can be found on our blog:

https://www.turnkeylinux.org/blog/drupal-sa-core-2018-002-remote-code-execution

The blog post also provides information on updating and/or patching v14.x appliances.

Please post any questions or feedback in the comments on the blog post. Alternatively, please start a new thread on the forums:

https://www.turnkeylinux.org/forum

Also a reminder to any users still on v13.x; that the Wheezy LTS period will end next month (May 2018). That will mean no further Debian security updates from then on. It is HIGHLY recommended that all TurnKey users who still have v13.x instances running, do a TKLBAM data migration to v14.2 or a Debian in-place upgrade to Jessie ASAP! There are some notes regarding TKLBAM data migration in our docs:

https://www.turnkeylinux.org/docs/tklbam-migrate-to-v14

Cheers,

Jeremy Davis
TurnKey GNU/Linux
Cell: +61 497-084-807
PGP fingerprint: 6EAF 8CC7 9E00 2BA5 CE5B 4580 6D0C A24B 0C5C C21B