LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

What happened with Fedora - and Red Hat too

What happened with Fedora - and Red Hat too

Posted Aug 22, 2008 13:38 UTC (Fri) by AlexHudson (subscriber, #41828)
In reply to: What happened with Fedora - and Red Hat too by kragil
Parent article: What happened with Fedora - and Red Hat too 

I think they're saying that someone built some bad ssh packages and managed to get the system
to sign them before they got shut out. I don't think they're saying those packages got
distributed via Red Hat.

So, unless you're getting your RPMs from some dodgy place, it's not a problem. I guess the
main worry would be people cracking a system and installing those RPMs - they'd be difficult
to tell apart from the real thing without those check scripts Red Hat put up.

It sounds like the Fedora systems stood up to the attack pretty well, though.

(Log in to post comments)

What happened with Fedora - and Red Hat too

Posted Aug 22, 2008 13:46 UTC (Fri) by AlexHudson (subscriber, #41828) [Link] 

Heh, scratch that - they didn't actually say that the ssh rpms were bad, just that the
attacker had (re?)signed them.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds