Your security, networking, programming, and application news source.

Friday, August 22, 2008

Fedora Servers Compromised


  <Fedora announced> (Aug. 22, 2008) that some servers were illegally accessed 'last week'. One of the compromised servers was for signing Fedora packages. Despite being optimistic about the security of the passphrase used to secure the signing keys, Fedora has decided to convert to new signing keys.

  A RHL <security advisory> eludes to successfully compromised OpenSSH packages. "In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only)"

  RHL released an update to OpenSSH to address this as well as <script> to detect these black listed packages.

No comments:

Post a Comment