Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <F7168423-5178-49CD-B27E-28E3100638EC@mnx.io>
Date: Thu, 13 Mar 2025 18:49:07 +0000
From: Dan McDonald <danmcd@....io>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Triton Product Security announcement: Debian 12 LX image from 2024-07
 has static SSH keys

This affects both standalone SmartOS and Triton Data Center.

See:

	https://security.tritondatacenter.com/tps-2025-002/

and

	https://smartos.topicbox.com/groups/smartos-discuss/Ta6f13072e6bedddc-M3702e993edd7d6ce8d78dfc8

The Debian 12 LX zone image 60f76fd2-143f-4f57-819b-1ae32684e81b from 2024-07 has static SSH keys in it.  It has a mitigation (regenerate in-zone), but if you are a SmartOS or Triton user running a Debian 12 LX zone using THIS SPECIFIC image, you should mitigate or rebuild the zone.  You should also remove this image from your local image cache.  Either of the above links shows you how.

Thanks,
Dan McDonald & Nahum Shalman -- SmartOS & Triton development


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.