Without action, your TurnKey 13 installations may remain vulnerable to the critical Heartbleed OpenSSL attack (DSA-2896-1 CVE-2014-0160). This is not a theoretical attack. A remote exploit already exists in the wild.

TurnKey installations are configured to install security updates automatically. Unfortunately, installing the update is not enough.

Read more:

http://www.turnkeylinux.org/blog/heartbleed