Language Selection

English French German Italian Portuguese Spanish

Red Hat Infrastructure report

Filed under
Linux
Security

Last week we discovered that some Fedora servers were illegally
accessed. The intrusion into the servers was quickly discovered, and the
servers were taken offline.

Security specialists and administrators have been working since then to
analyze the intrusion and the extent of the compromise as well as
reinstall Fedora systems. We are using the requisite outages as an
opportunity to do other upgrades for the sake of functionality as well
as security. Work is ongoing, so please be patient. Anyone with
pertinent information relating to this event is asked to contact
fedora-legal redhat com

One of the compromised Fedora servers was a system used for signing
Fedora packages. However, based on our efforts, we have high confidence
that the intruder was not able to capture the passphrase used to secure
the Fedora package signing key. Based on our review to date, the
passphrase was not used during the time of the intrusion on the system
and the passphrase is not stored on any of the Fedora servers.

While there is no definitive evidence that the Fedora key has been
compromised, because Fedora packages are distributed via multiple
third-party mirrors and repositories, we have decided to convert to new
Fedora signing keys. This may require affirmative steps from every
Fedora system owner or administrator. We will widely and clearly
communicate any such steps to help users when available.

More Here




Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's howtos

Leftovers: Gaming

Red Hat and Fedora

Leftovers: Ubuntu

  • Unity 8, Mir, Snappy & Other Focuses For Next Week's Ubuntu UOS-1605
    Next week is UOS-1605: the latest Ubuntu Online Summit where planning will take place for Ubuntu 16.10, the Yakkety Yak release. The UOS-1605 schedule is beginning to fill up for this event running from Tuesday (3 May) to Thursday (5 May). To not much surprise, the big topics are about Snappy for package manager, Mir, and the next-generation Unity 8 desktop with the overall convergence focus. Here are some of the highlights for the events on the schedule right now.
  • UK-based Entroware launches 14 inch Ubuntu laptop with Intel Skylake
    Entroware is one of a handful of companies that exclusively sells computers that are pre-loaded with Linux-based operating systems. And the UK-based company has just added a new model to its lineup.
  • Ubuntu 16.10 Yakkety Yak — Release Date, Features, Live ISO Build Download
    Canonical has officially started the development cycle of Ubuntu 16.10 Yakkety Yak. As we move ahead with the development, we’ll be knowing more about the new changes and big features of Ubuntu 16.10 Yakkety Yak. Meanwhile, if you are willing to adopt the upcoming iteration of Ubuntu, you can download the Live ISO Builds.