What happened with Fedora - and Red Hat too
What happened with Fedora - and Red Hat too
Posted Aug 22, 2008 13:38 UTC (Fri) by AlexHudson (guest, #41828)In reply to: What happened with Fedora - and Red Hat too by kragil
Parent article: What happened with Fedora - and Red Hat too
I think they're saying that someone built some bad ssh packages and managed to get the system to sign them before they got shut out. I don't think they're saying those packages got distributed via Red Hat. So, unless you're getting your RPMs from some dodgy place, it's not a problem. I guess the main worry would be people cracking a system and installing those RPMs - they'd be difficult to tell apart from the real thing without those check scripts Red Hat put up. It sounds like the Fedora systems stood up to the attack pretty well, though.
Posted Aug 22, 2008 13:46 UTC (Fri)
by AlexHudson (guest, #41828)
[Link]
What happened with Fedora - and Red Hat too
Heh, scratch that - they didn't actually say that the ssh rpms were bad, just that the
attacker had (re?)signed them.