[OmniOS-discuss] Attention OmniOS AMI users
Dan McDonald
danmcd at omniti.com
Tue Dec 8 20:09:58 UTC 2015
If you are using any OmniOS AMI r151012 or earlier, please read this. If you're using r151014, you may ignore this message.
It has come to our attention that some of the older OmniOS images, including images for r151006 and r151012, may have stored SSH host keys included with them, which could be used to execute a man in the middle attack.
If you are currently running one of these older versions, we suggest you verify and regenerate your keys, and/or move to a current OmniOS AMI.
For r151006 users, there is a new image named "OmniOS r151006 LTS" which should be available in your region. We recommend that users of r151012 (and any other older versions which are now ESOL) move to a current r151014 AMI.
Again, the OmniOS r151014 AMIs DO NOT HAVE stored SSH host keys and are *NOT* vulnerable.
Thanks and sorry for any inconvenience,
Dan
p.s. This is also on the AWS forums: https://forums.aws.amazon.com/thread.jspa?threadID=221330
More information about the OmniOS-discuss
mailing list