[ale] Recent events with RH/Fedora servers.

Jeff Lightner jlightner at water.com
Tue Sep 2 15:46:14 EDT 2008


Well, it could be that it affects Fedora (because of its tie-in to RedHat
- I think the Fedora repository servers are at RedHat but wouldn't swear
to it).

It could also be that it affects CentOS if the user signed the source
RPMs as CentOS is compiled from those. 

However, I think it most likely that people just ASSUMED it affected
everything related to RedHat like Fedora and CentOS because of
misinformation that some sort of global hack occurred to RedHat servers.
The link I posted makes it clear it wasn't that broad.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Scott Castaline
Sent: Tuesday, September 02, 2008 3:09 PM
To: ale at ale.org
Subject: Re: [ale] Recent events with RH/Fedora servers.

Jeff Lightner wrote:
> Also the official notice I got said they think it only affected some
> RHEL4 and RHEL5 - it didn't mention Fedora but then again RHN alerts
> are aimed at RHEL subscribers so they might have just left it out.
> 
>  
> 
> The link for this on RedHat's site is:
> 
> http://www.redhat.com/security/data/openssh-blacklist.html
> 
>  
> 
> There is another link on RHN itself but you need a login to access the
> other one.
> 
>  
> 
> In the above link (and alert I got) it says in part:
> 
>  
> 
> "we remain highly confident that our systems and processes prevented the
> intrusion from compromising RHN or the content distributed via RHN and
> accordingly believe that customers who keep their systems updated using
> Red Hat Network are not at risk"
> 
>  
> 
> It was that statement that led me to believe no one using RHN would have
> been affected.
> 
>  
> 
> ------------------------------------------------------------------------
> 
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of* Jim Kinney
> *Sent:* Tuesday, September 02, 2008 2:40 PM
> *To:* ale at ale.org
> *Subject:* Re: [ale] Recent events with RH/Fedora servers.
> 
>  
> 
>  
> 
> On Tue, Sep 2, 2008 at 2:24 PM, Scott Castaline <hscast at charter.net 
> <mailto:hscast at charter.net>> wrote:
> 
> Ok, at the risk of sounding totally ignorant, does that mean any Fedora
> 9 install images that I downloaded during the time in question should be
> considered unsafe and immediately destroyed to oblivion, or can they be
> considered safe? Also any installs that may have been done with the
> original F 9 release images are the massive amounts of updates
> considered hazardous to my health?
> 
> The disk ISOs are ok as they were installed many months earlier. The
> problem affects the update to ssh. As long as you do an update now, you
> will get the new, clean ssh binaries.
> 
> 
> -- 
> -- 
> James P. Kinney III
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale

Because the alert also had gone out to Fedora users, I got the
impression that it affected Fedora software as well, but all links had
taken you to RHN sites not mentioning anything about Fedora or even
CentOS, even though there have been comments in regards to CentOS within
this thread. On one hand I get the feeling that the concern was more RH
and not the others and on the other hand I get the feeling that RHN
users are covered and all others are on their own.