[ale] Recent events with RH/Fedora servers.
Scott Castaline
hscast at charter.net
Tue Sep 2 15:09:23 EDT 2008
Jeff Lightner wrote:
> Also the official notice I got said they think it only affected some
> RHEL4 and RHEL5 – it didn’t mention Fedora but then again RHN alerts
> are aimed at RHEL subscribers so they might have just left it out.
>
> The link for this on RedHat’s site is:
>
> http://www.redhat.com/security/data/openssh-blacklist.html
>
> There is another link on RHN itself but you need a login to access the
> other one.
>
> In the above link (and alert I got) it says in part:
>
> “we remain highly confident that our systems and processes prevented the
> intrusion from compromising RHN or the content distributed via RHN and
> accordingly believe that customers who keep their systems updated using
> Red Hat Network are not at risk”
>
> It was that statement that led me to believe no one using RHN would have
> been affected.
>
> ------------------------------------------------------------------------
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of
> *Jim Kinney
> *Sent:* Tuesday, September 02, 2008 2:40 PM
> *To:* ale at ale.org
> *Subject:* Re: [ale] Recent events with RH/Fedora servers.
>
> On Tue, Sep 2, 2008 at 2:24 PM, Scott Castaline <hscast at charter.net
> <mailto:hscast at charter.net>> wrote:
>
> Ok, at the risk of sounding totally ignorant, does that mean any Fedora
> 9 install images that I downloaded during the time in question should be
> considered unsafe and immediately destroyed to oblivion, or can they be
> considered safe? Also any installs that may have been done with the
> original F 9 release images, are the massive amounts of updates
> considered hazardous to my health?
>
> The disk ISOs are ok as they were installed many months earlier. The
> problem affects the update to ssh. As long as you do an update now, you
> will get the new, clean ssh binaries.
>
>
> --
> James P. Kinney III
>
Because the alert also had gone out to Fedora users, I got the
impression that it affected Fedora software as well, but all links had
taken you to RHN sites not mentioning anything about Fedora or even
CentOS, even though there have been comments in regards to CentOS within
this thread. On one hand I get the feeling that the concern was more RH
and not the others and on the other hand I get the feeling that RHN
users are covered and all others are on their own.