[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Redhat and Fedora servers compromised
- Subject: [ale] Redhat and Fedora servers compromised
- From: hscast at charter.net (hscast at charter.net)
- Date: Fri, 22 Aug 2008 14:31:57 -0700
- In-reply-to: <[email protected]>
---- Jim Kinney <jim.kinney at gmail.com> wrote:
> A very distressing announcement.
> Be aware that this impacts CentOS servers as well. They have posted notice
> of the updated openssh packages to re-secure the repositories.
> On Fri, Aug 22, 2008 at 3:04 PM, Bob Toxen <transam at verysecurelinux.com>wrote:
> > "In an email sent to the fedora-announce mailing list, it has been
> > revealed that both Fedora and Red Hat servers have been compromised
> > <
> > https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html>
> > .
> > As a result Fedora is changing their package signing key. Red
> > Hat has released a security advisory
> > <https://rhn.redhat.com/errata/RHSA-2008-0855.html> and a script to
> > detect potentially compromised openssh packages
> > <http://www.redhat.com/security/data/openssh-blacklist.html> ."
> > Anyone running a Fedora or Red Hat Enterprise system where RPMs may have
> > been
> > installed recently, either automatically or manually, is at risk and should
> > download Red Hat's tool to check for compromised RPMs.
> > No doubt Microsoft will try to hype this. Remember that Microsoft is
> > forced
> > to provide a patch for the equivalent of a remote root vulnerability that
> > affects MOST
> > customers almost weekly, in our opinion.
> > This appears to be a fault in System Administration by Red Hat rather than
> > a security bug in Linux, though not all the facts are in at this time.
> > Linux still is far more secure and reliable than Microsoft.
> > Bob Toxen
> > bob at verysecurelinux.com [Please use for email to me]
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> James P. Kinney III
Am I understanding this correct that the software used for updates as well may be contaminated as well? I am currently experiencing weird problems like things disappearing, unable to launch apps and now I can't login, oh also the gdm screen has gone black with just the login box. Running Fedora 9 or trying to. It's a little confusing right now since I also have new hardware, all at the same time.