[ale] Redhat and Fedora servers compromised

Bob Toxen transam at verysecurelinux.com
Fri Aug 22 15:04:33 EDT 2008


"In an email sent to the fedora-announce mailing list, it has been
revealed that both Fedora and Red Hat servers have been compromised
<https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html>.
As a result Fedora is changing their package signing key. Red
Hat has released a security advisory
<https://rhn.redhat.com/errata/RHSA-2008-0855.html> and a script to
detect potentially compromised openssh packages
<http://www.redhat.com/security/data/openssh-blacklist.html>."


Anyone running a Fedora or Red Hat Enterprise system where RPMs may have been
installed recently, either automatically or manually, is at risk and should
download Red Hat's tool to check for compromised RPMs.

No doubt Microsoft will try to hype this.  Remember that Microsoft is forced
to provide a patch for the equivalent of a remote root vulnerability that affects MOST
customers almost weekly, in our opinion.

This appears to be a fault in System Administration by Red Hat rather than
a security bug in Linux, though not all the facts are in at this time.

Linux still is far more secure and reliable than Microsoft.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]

