[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Redhat and Fedora servers compromised
- Subject: [ale] Redhat and Fedora servers compromised
- From: jim.kinney at gmail.com (Jim Kinney)
- Date: Fri, 22 Aug 2008 17:18:38 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
A very distressing announcement.
Be aware that this impacts CentOS servers as well. They have posted notice
of the updated openssh packages to re-secure the repositories.
On Fri, Aug 22, 2008 at 3:04 PM, Bob Toxen <transam at verysecurelinux.com>wrote:
> "In an email sent to the fedora-announce mailing list, it has been
> revealed that both Fedora and Red Hat servers have been compromised
> As a result Fedora is changing their package signing key. Red
> Hat has released a security advisory
> <https://rhn.redhat.com/errata/RHSA-2008-0855.html> and a script to
> detect potentially compromised openssh packages
> <http://www.redhat.com/security/data/openssh-blacklist.html> ."
> Anyone running a Fedora or Red Hat Enterprise system where RPMs may have
> installed recently, either automatically or manually, is at risk and should
> download Red Hat's tool to check for compromised RPMs.
> No doubt Microsoft will try to hype this. Remember that Microsoft is
> to provide a patch for the equivalent of a remote root vulnerability that
> affects MOST
> customers almost weekly, in our opinion.
> This appears to be a fault in System Administration by Red Hat rather than
> a security bug in Linux, though not all the facts are in at this time.
> Linux still is far more secure and reliable than Microsoft.
> Bob Toxen
> bob at verysecurelinux.com [Please use for email to me]
> Ale mailing list
> Ale at ale.org
James P. Kinney III
-------------- next part --------------
An HTML attachment was scrubbed...