RealTime IT News

Red Hat Fedora servers compromised

fedora-logo.png
From the "this isn't good news" files:

Servers for both Red Hat Enterprise Linux and Fedora Linux were compromised in recent weeks by some kind of illegal access. Neither project however is currently admitting than any of their software or users were in any way directly affected by the illegal access.
Fedora Project Leader Paul Frields wrote in a mailing list entry that:

Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline.Security specialists and administrators have been working since then to analyze the intrusion and the extent of the compromise as well as reinstall Fedora systems.

On the Red Hat Enterprise side of things there is an OpenSSH update notification that contains (few) details about what happened.

Last week Red Hat detected an intrusion on certain of its computer systems
and took immediate action. While the investigation into the intrusion is
on-going, our initial focus was to review and test the distribution
channel we use with our customers, Red Hat Network (RHN) and its associated
security measures. Based on these efforts, we remain highly confident that
our systems and processes prevented the intrusion from compromising RHN or
the content distributed via RHN and accordingly believe that customers who
keep their systems updated using Red Hat Network are not at risk.

The fear in both cases is that an attacker could have somehow gained access and then created or compromised a security signing key used to distribute packages and updates.

As far as I can tell based on the analysis provided by Red Hat that's not the case and Red Hat and Fedora are being responsible and prudent by locking down system, analyzing everything and re-issuing keys.

Comment and Contribute