[ale] Redhat and Fedora servers compromised

Jim Kinney jim.kinney at gmail.com
Fri Aug 22 17:18:38 EDT 2008


A very distressing announcement.
Be aware that this impacts CentOS servers as well. They have posted notice
http://lists.centos.org/pipermail/centos-announce/2008-August/015193.html
http://lists.centos.org/pipermail/centos-announce/2008-August/015194.html
of the updated openssh packages to re-secure the repositories.

On Fri, Aug 22, 2008 at 3:04 PM, Bob Toxen <transam at verysecurelinux.com>wrote:

> "In an email sent to the fedora-announce mailing list, it has been
> revealed that both Fedora and Red Hat servers have been compromised
> <
> https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html>
> .
> As a result Fedora is changing their package signing key.  Red
> Hat has released a security advisory
> <https://rhn.redhat.com/errata/RHSA-2008-0855.html>  and a script to
> detect potentially compromised openssh packages
> <http://www.redhat.com/security/data/openssh-blacklist.html> ."
>
>
> Anyone running a Fedora or Red Hat Enterprise system where RPMs may have
> been
> installed recently, either automatically or manually, is at risk and should
> download Red Hat's tool to check for compromised RPMs.
>
> No doubt Microsoft will try to hype this.  Remember that Microsoft is
> forced
> to provide a patch for the equivalent of a remote root vulnerability that
> affects MOST
> customers almost weekly, in our opinion.
>
> This appears to be a fault in System Administration by Red Hat rather than
> a security bug in Linux, though not all the facts are in at this time.
>
> Linux still is far more secure and reliable than Microsoft.
>
> Bob Toxen
> bob at verysecurelinux.com               [Please use for email to me]
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
-- 
James P. Kinney III
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20080822/bcea5466/attachment.html 


More information about the Ale mailing list