oss-sec mailing list archives

Triton Product Security announcement: Debian 12 LX image from 2024-07 has static SSH keys

From: Dan McDonald <danmcd () mnx io>
Date: Thu, 13 Mar 2025 18:49:07 +0000

This affects both standalone SmartOS and Triton Data Center.

See:

        https://security.tritondatacenter.com/tps-2025-002/

and

        https://smartos.topicbox.com/groups/smartos-discuss/Ta6f13072e6bedddc-M3702e993edd7d6ce8d78dfc8

The Debian 12 LX zone image 60f76fd2-143f-4f57-819b-1ae32684e81b from 2024-07 has static SSH keys in it.  It has a 
mitigation (regenerate in-zone), but if you are a SmartOS or Triton user running a Debian 12 LX zone using THIS 
SPECIFIC image, you should mitigate or rebuild the zone.  You should also remove this image from your local image 
cache.  Either of the above links shows you how.

Thanks,
Dan McDonald & Nahum Shalman -- SmartOS & Triton development

Current thread:

Triton Product Security announcement: Debian 12 LX image from 2024-07 has static SSH keys Dan McDonald (Mar 13)