What happened with Fedora - and Red Hat too
What happened with Fedora - and Red Hat too
Posted Aug 22, 2008 13:15 UTC (Fri) by kragil (guest, #34373)
Parent article: What happened with Fedora - and Red Hat too
?? So the ssh packages are/were vulnerable?

What happened with Fedora - and Red Hat too
Posted Aug 22, 2008 13:20 UTC (Fri) by motk (guest, #51120)
Read for content, and Don't Panic.

SSH Packages Vulnerable?
Posted Aug 22, 2008 13:21 UTC (Fri) by Felix_the_Mac (guest, #32242)
The Red Hat statements say that the packages are being replaced as a precaution.
They do not state that the package contents have been altered in any fashion.

What happened with Fedora - and Red Hat too
Posted Aug 22, 2008 13:38 UTC (Fri) by AlexHudson (guest, #41828)
I think they're saying that someone built some bad ssh packages and managed to get the system
to sign them before they got shut out. I don't think they're saying those packages got
distributed via Red Hat.
So, unless you're getting your RPMs from some dodgy place, it's not a problem. I guess the
main worry would be people cracking a system and installing those RPMs - they'd be difficult
to tell apart from the real thing without those check scripts Red Hat put up.
It sounds like the Fedora systems stood up to the attack pretty well, though.

What happened with Fedora - and Red Hat too
Posted Aug 22, 2008 13:46 UTC (Fri) by AlexHudson (guest, #41828)
Heh, scratch that - they didn't actually say that the ssh rpms were bad, just that the
attacker had (re?)signed them.