Blog Tags: 
mibew
security updates
security
v16.x

Mibew Security updated v16.1 appliance - includes Mibew v3.2.7

Jeremy Davis - Mon, 2020/07/27 - 05:24 - 1 comments

In case you missed it, earlier this month, Mibew released an update that include "many security updates". So we have deprecated all previous versions and now provided an updated v16.1 appliance that includes the latest Mibew v3.2.7.

New users should only use this new v16.1 appliance - available for download from the Mibew appliance page.

Read more and discuss
Blog Tags: 
security
webmin

Webmin remote exploit/vulnerability does NOT affect TurnKey

Jeremy Davis - Mon, 2019/08/26 - 06:06 - 3 comments

It has come to our attention that a number of Webmin releases include a vulnerability that could allow a remote attacker to take control of a server with a vulnerable version of Webmin installed. Alarmingly:

Read more and discuss
Blog Tags: 
release
update
news
new appliance
v15.x
security

v15.x - Updated apps, plus new Redis appliance

Jeremy Davis - Fri, 2019/06/28 - 08:09 - 4 comments

Bugfixes and Updates

We have published a number of updated appliances since my last appliance updates blog post (all the way back in February!?). This post is well overdue and in fact a few of the appliances have been updated multiple times... Please read on about the new Redis appliance. And/or read about the updated appliances and the relevant changes of significance.

All of these appliances are now available to download from their relevant appliance pages (links provided in each entry). They are also available to run in the cloud from the TurnKey Hub and/or for Proxmox within the storage templates section. The most June updates will also be available from AWS Marketplace ASAP; the earlier updates should be available already.

Read more and discuss
Blog Tags: 
release
security
v15.x
update
new appliance

v15.x - 12 Updated Appliances, plus New OpenCart Appliance

Jeremy Davis - Thu, 2019/02/28 - 05:39 - 2 comments

Bugfixes and Updates

There are 13 12 Appliances that have recently been updated, and one new appliance; OpenCart.

Some appliances include security related updates, some include bugfixes, some include both.

Read more and discuss
Blog Tags: 
security
drupal
drupal8
announcement
drupal7
v15.x

Security Vulnerabilities: SA-CORE-2019-003 - Drupal 8 Core, Drupal 7 plugins

Jeremy Davis - Sun, 2019/02/24 - 05:37

SA-CORE-2019-003 - Highly critical - Remote Code Execution

Popular CMS platform Drupal recently announced a highly critical security vulnerability: SA-CORE-2019-003. This vulnerability allows for remote code execution on an exploited server. It is rated Highly Critical and mass exploits are now being reported in the wild!

Read more and discuss
Blog Tags: 
security
drupal
drupal7
drupal8
announcement
v15.x

Security Vulnerabilities: SA-CORE-2018-006 - Drupal 7.x & Drupal 8.x

Jeremy Davis - Thu, 2018/10/18 - 03:57

SA-CORE-2018-006 - Multiple Vulnerabilities in Drupal 7 & 8

Popular CMS platform Drupal have just announced that versions of Drupal 7 prior to 7.60 and Drupal 8 prior to 8.5.8 and/or 8.6.2 are affected by SA-CORE-2018-006. For more info on the vulnerabilities, please see the relevant Drupal advisory.

Read more and discuss
Blog Tags: 
drupal
drupal7
drupal8
security

Drupal SA-CORE-2018-002 - Highly critical - Remote Code Execution vulnerability

Jeremy Davis - Wed, 2018/04/04 - 06:37 - 2 comments

Late last week, the Drupal Security Team announced a "Highly critical" remote code execution vulnerability that affects Drupal 6 (EOL), Drupal 7 and Drupal 8. SA-CORE-2018-002 dubbed "Drupalgeddon2" was discovered by Jasper Mattsson. Drupal scores it a whopping 21 (out of a possible 25) "Security Risk Level". All users are recommended to update their Drupal sites immediately.

Read more and discuss
Blog Tags: 
security

Meltdown and Spectre: What TurnKey users need to know

Jeremy Davis - Thu, 2018/01/11 - 11:00
By now, I'm sure that you've already heard of the latest vulnerabilities doing the rounds; tagged Meltdown and Spectre. As seems to be the fashion, these new vulnerabilities have cool names, their own website, and the funky looking logos, just below.

I'll provide some more specific details and links for further reading below. I'll also cover checking that you are running a patched kernel, as well as some notes for AWS users.

Read more and discuss
Blog Tags: 
security
all

Stack-Clash vulnerability - Reboot to enable new patched kernel

Jeremy Davis - Thu, 2017/06/22 - 10:00 - 2 comments

Once again, thanks to community member John Carver for highlighting a new Linux vulnerability. Qualys Security Labs discovered and demonstrated the vulnerability, and have named it "Stack-Clash".

Read more and discuss

Pages