Security Bytes

Aug 22 2008   11:12AM GMT

Intrusions hit Fedora, Red Hat Enterprise Linux servers; some OpenSSH packages compromised

David Schneier

The maker of Red Hat Enterprise Linux and Fedora said that hackers have gained access to key servers in what appear to be two separate incidents. Red Hat Inc. found last week that someone had compromised several Fedora servers, including one that is used to sign Fedora packages. The company said that although the server was accessed illegally, it does not believe that the passphrase protecting the key used to actually sign the packages was compromised.

Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers.

While there is no definitive evidence that the Fedora key has been compromised because Fedora packages are distributed via multiple third-party mirrors and repositories, we have decided to convert to new Fedora signing keys. This may require affirmative steps from every Fedora system owner or administrator. We will widely and clearly communicate any such steps to help users when available.

In the Red Hat Enterprise Linux incident, the attacker was able not only to compromise some servers, but also to use the RHEL key to sign some OpenSSH packages. The compromised packages were for RHEL 4 and 5, and Red Hat has published a blacklist of the affected packages. Red Hat also has released updated versions of the compromised packages.
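The practical follow-up to a blacklist like the one described above is reconciling it against what is actually installed and against any RPM files pulled from mirrors. The script below is an added example, not Red Hat's or Fedora's own tooling: every package name, version and digest in `SAMPLE_BLACKLIST` and `SAMPLE_INVENTORY` is a constructed placeholder, and the blacklist format (`name-version-release.arch` plus a SHA-256 of the file) is an assumption; the real entries come from the vendor advisory. It flags exact matches as compromised and lists other installed builds of the same package names for signature re-verification against the replacement key.

```python
"""Added example (not Red Hat's or Fedora's code): after a signing-key
compromise, reconcile an installed-package inventory and downloaded RPM
files against the vendor blacklist of builds signed with the compromised key.

All SAMPLE_* data below is CONSTRUCTED placeholder data; the real blacklist
(package names, versions, digests) comes from the vendor advisory.
"""
import hashlib
import re
import subprocess

# Constructed sample blacklist: "NVRA  sha256-of-rpm-file" per line (placeholders).
SAMPLE_BLACKLIST = """\
# name-version-release.arch                 sha256 of the .rpm file (placeholders)
openssh-0.0.0-example1.el5.i386             placeholder-digest-1
openssh-server-0.0.0-example1.el5.i386      placeholder-digest-2
openssh-clients-0.0.0-example1.el4.x86_64   placeholder-digest-3
"""

# Constructed sample inventory in the shape of
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
SAMPLE_INVENTORY = """\
openssh-server-0.0.0-example1.el5.i386
openssh-clients-0.0.0-example2.el5.i386
bash-0.0.0-example.el5.i386
"""

# name may itself contain dashes, so it is matched greedily; version and
# release cannot contain dashes, and arch cannot contain dots.
NVRA_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")


def split_nvra(nvra):
    """Split 'name-version-release.arch' into (name, version, release, arch)."""
    m = NVRA_RE.match(nvra.strip())
    if not m:
        raise ValueError(f"not an NVRA string: {nvra!r}")
    return m.group("name"), m.group("version"), m.group("release"), m.group("arch")


def parse_blacklist(text):
    """Return {nvra: digest} from blacklist text; '#' lines and blanks are ignored."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        nvra, digest = line.split()[:2]
        split_nvra(nvra)  # reject malformed entries early
        entries[nvra] = digest.lower()
    return entries


def parse_inventory(text):
    """One NVRA per line, as printed by the rpm query format above."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def installed_inventory():
    """Live inventory from rpm; not used by the sample run (needs an RPM-based host)."""
    out = subprocess.run(
        ["rpm", "-qa", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n"],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_inventory(out)


def reconcile(installed, blacklist):
    """Classify installed packages against the blacklist.

    'compromised': exact NVRA match with a blacklisted build (remove/replace it).
    'review': same package name as a blacklisted build but a different build;
              re-verify its signature against the replacement key.
    """
    blacklisted_names = {split_nvra(n)[0] for n in blacklist}
    compromised, review = [], []
    for nvra in installed:
        if nvra in blacklist:
            compromised.append(nvra)
        elif split_nvra(nvra)[0] in blacklisted_names:
            review.append(nvra)
    return {"compromised": sorted(compromised), "review": sorted(review)}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def file_is_blacklisted(rpm_bytes, blacklist):
    """True if a downloaded .rpm (as bytes) hashes to a blacklisted digest."""
    return sha256_hex(rpm_bytes) in set(blacklist.values())


if __name__ == "__main__":
    result = reconcile(parse_inventory(SAMPLE_INVENTORY), parse_blacklist(SAMPLE_BLACKLIST))
    for label, pkgs in result.items():
        print(f"{label}: {', '.join(pkgs) or '(none)'}")
```

On a real host, replace `SAMPLE_INVENTORY` with `installed_inventory()` and the sample blacklist with the advisory's list; the `review` bucket exists because a build that is not on the blacklist but shares a name with a blacklisted one is exactly the kind of package whose signature should be checked against the newly issued key before it is trusted.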
