[ale] Redhat and Fedora servers compromised

hscast at charter.net
Fri Aug 22 17:31:57 EDT 2008


---- Jim Kinney <jim.kinney at gmail.com> wrote: 
> A very distressing announcement.
> Be aware that this impacts CentOS servers as well. They have posted notice
> http://lists.centos.org/pipermail/centos-announce/2008-August/015193.html
> http://lists.centos.org/pipermail/centos-announce/2008-August/015194.html
> of the updated openssh packages to re-secure the repositories.
> 
> On Fri, Aug 22, 2008 at 3:04 PM, Bob Toxen <transam at verysecurelinux.com> wrote:
> 
> > "In an email sent to the fedora-announce mailing list, it has been
> > revealed that both Fedora and Red Hat servers have been compromised
> > <https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html>.
> > As a result Fedora is changing their package signing key.  Red
> > Hat has released a security advisory
> > <https://rhn.redhat.com/errata/RHSA-2008-0855.html> and a script to
> > detect potentially compromised openssh packages
> > <http://www.redhat.com/security/data/openssh-blacklist.html>."
> >
> >
> > Anyone running a Fedora or Red Hat Enterprise system where RPMs may have been
> > installed recently, either automatically or manually, is at risk and should
> > download Red Hat's tool to check for compromised RPMs.
> >
> > No doubt Microsoft will try to hype this.  Remember that Microsoft is forced
> > to provide a patch for the equivalent of a remote root vulnerability that
> > affects MOST customers almost weekly, in our opinion.
> >
> > This appears to be a fault in System Administration by Red Hat rather than
> > a security bug in Linux, though not all the facts are in at this time.
> >
> > Linux still is far more secure and reliable than Microsoft.
> >
> > Bob Toxen
> > bob at verysecurelinux.com               [Please use for email to me]
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> >
> 
> 
> 
> -- 
> James P. Kinney III

Am I understanding this correctly that the software used for updates may be contaminated as well? I am currently experiencing weird problems like things disappearing, being unable to launch apps, and now I can't log in. Oh, also the gdm screen has gone black with just the login box. Running Fedora 9, or trying to. It's a little confusing right now since I also have new hardware, all at the same time.

