![]() |
|
Message-ID: <F7168423-5178-49CD-B27E-28E3100638EC@mnx.io> Date: Thu, 13 Mar 2025 18:49:07 +0000 From: Dan McDonald <danmcd@....io> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Triton Product Security announcement: Debian 12 LX image from 2024-07 has static SSH keys This affects both standalone SmartOS and Triton Data Center. See: https://security.tritondatacenter.com/tps-2025-002/ and https://smartos.topicbox.com/groups/smartos-discuss/Ta6f13072e6bedddc-M3702e993edd7d6ce8d78dfc8 The Debian 12 LX zone image 60f76fd2-143f-4f57-819b-1ae32684e81b from 2024-07 has static SSH keys in it. It has a mitigation (regenerate in-zone), but if you are a SmartOS or Triton user running a Debian 12 LX zone using THIS SPECIFIC image, you should mitigate or rebuild the zone. You should also remove this image from your local image cache. Either of the above links shows you how. Thanks, Dan McDonald & Nahum Shalman -- SmartOS & Triton development
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.