[<prev] [next>] [day] [month] [year] [list]
Message-ID: <F7168423-5178-49CD-B27E-28E3100638EC@mnx.io>
Date: Thu, 13 Mar 2025 18:49:07 +0000
From: Dan McDonald <danmcd@....io>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Triton Product Security announcement: Debian 12 LX image from 2024-07
has static SSH keys
This affects both standalone SmartOS and Triton Data Center.
See:
https://security.tritondatacenter.com/tps-2025-002/
and
https://smartos.topicbox.com/groups/smartos-discuss/Ta6f13072e6bedddc-M3702e993edd7d6ce8d78dfc8
The Debian 12 LX zone image 60f76fd2-143f-4f57-819b-1ae32684e81b from 2024-07 has static SSH keys in it. It has a mitigation (regenerate in-zone), but if you are a SmartOS or Triton user running a Debian 12 LX zone using THIS SPECIFIC image, you should mitigate or rebuild the zone. You should also remove this image from your local image cache. Either of the above links shows you how.
Thanks,
Dan McDonald & Nahum Shalman -- SmartOS & Triton development
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
