Language Selection

English French German Italian Portuguese Spanish

Red Hat Infrastructure report

Filed under
Linux
Security

Last week we discovered that some Fedora servers were illegally
accessed. The intrusion into the servers was quickly discovered, and the
servers were taken offline.

Security specialists and administrators have been working since then to
analyze the intrusion and the extent of the compromise as well as
reinstall Fedora systems. We are using the requisite outages as an
opportunity to do other upgrades for the sake of functionality as well
as security. Work is ongoing, so please be patient. Anyone with
pertinent information relating to this event is asked to contact
fedora-legal redhat com

One of the compromised Fedora servers was a system used for signing
Fedora packages. However, based on our efforts, we have high confidence
that the intruder was not able to capture the passphrase used to secure
the Fedora package signing key. Based on our review to date, the
passphrase was not used during the time of the intrusion on the system
and the passphrase is not stored on any of the Fedora servers.

While there is no definitive evidence that the Fedora key has been
compromised, because Fedora packages are distributed via multiple
third-party mirrors and repositories, we have decided to convert to new
Fedora signing keys. This may require affirmative steps from every
Fedora system owner or administrator. We will widely and clearly
communicate any such steps to help users when available.

More Here




Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Today in Techrights

Linux, Graphics, and Linux Foundation

Leftovers: Debian and Ubuntu

  • CD/DVD Image Changes For The Upcoming Debian 9.0 Release
    With Debian 9.0 not being far away from releasing, the Debian CD Images Team has issued an update over their fundamental changes happening for this "Stretch" cycle.
  • The System76 'Galago Pro' laptop looks fantastic, $50 off for a few more days
    The Galago Pro looks like an incredibly stylish device ready for the masses with a slick aluminium casing, instead of the always cheap feeling plastic cases most tend to come with. It's slim, but best of all incredibly light for such a device at 1.3kg (2.87 lbs). It comes with Ubuntu 16.04.2 LTS or Ubuntu 17.04, a speedy 7th Gen Intel in either an i5 7200U or i7 7500U and Intel® HD Graphics 620.
  • Download Ubuntu 17.10 daily builds
    The release schedule for Ubuntu 17.10 has been announced, and you can now download the daily build ISO images as well. Daily builds can be useful to watch the progress of Ubuntu 17.10, but are not recommended for normal usage due to possible bugs and changes.

Leftovers: Software

  • GJS: What’s next?
    In my last post, I went into detail about all the new stuff that GJS brought to GNOME 3.24. Now, it’s time to talk about the near future: what GJS will bring to GNOME 3.26.
  • Sending SMS from Linux Just Got Easier with Latest Indicator KDE Connect Update
    Indicator KDE Connect now has Google Contacts integration, making it even easier to send text messages from the Linux desktop.
  • Cumulus Qt is a Lightweight Weather App for Linux
    Cumulus Qt is a Qt weather app for the Linux desktop. It's lightweight, has a bold, striking design inspired by Stormcloud, and is very customisable.
  • Vivaldi 1.10 Browser Now in Development, Will Introduce Docked Developer Tools
    Vivaldi's Ruarí Ødegaard just informed us a few moments ago that Vivaldi 1.10 will be the next major version of the free and cross-platform web browser based on the latest Chromium technologies, not Vivaldi 2.0 as many of you have hoped. Vivaldi 1.9 just hit the streets the other day as world's first web browser to ship with the Ecosia search engine enabled by default to help reforest the plane, and it now looks like Vivaldi's devs never sleep, and development of Vivaldi 1.10 starts today with the first snapshot, Vivaldi 1.10.829.3, which introduces a long-anticipated feature: Docked Developer Tools!