Language Selection

English French German Italian Portuguese Spanish

Red Hat fesses up to Fedora FOSS security fiasco

Filed under
Linux
Security

A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers. Now Fedora has admitted Red Hat OpenSSH packages were compromised by two separate server intrusions...

It all started with a highly cryptic Fedora-Announce mailing list posting which stated that "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."

Fair enough, that kind of thing happens, apology accepted. What was less acceptable was the bit which went on to say that "We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."

Now, most sane-brained people would read that and think 'avoid downloading packages on Fedora systems' + 'issue in the infrastructure systems' = SECURITY BREACH!

Indeed, that is precisely what most sane-brained people, as well as many journalists, did think. The online news feeds were full of pet theories as to what had happened to cause the widespread Fedora service outages.

The blogosphere likewise. Everyone was hinting at a security breach. Everyone, that is, apart from Fedora.

More Here




More in Tux Machines

Tanglu 3.0 Alpha Out Now Based on Debian 8 Jessie, Offers GNOME 3.16 and KDE Plasma 5

Matthias Klumpp announced today, April 18, the immediate availability for download and testing of the first Alpha version of the upcoming Tanglu 3 Linux operating system. Read more

EXT4 In Linux 4.1 Adds File-System Level Encryption

The EXT4 file-system updates for the Linux 4.1 kernel have been sent in and it features the file-system-level encryption support. Earlier this month we wrote about the newly-published patches for EXT4 encryption support coming out of Google and intended to land in the next major release of Android. Those patches for file-system-level encryption will now be landing upstream with the Linux 4.1 kernel update. Besides this native encryption support for EXT4, the rest of the updates for this merge window pull request equate to mainly fixes. More details via the pull request itself. Read more

Manjaro Linux 0.8.13 Pre1 Released for Testing with KDE Plasma 5.2.2 and Xfce 4.12

The Manjaro development team announced that the first Preview release of the upcoming Manjaro Linux 0.8.13 operating system is now available for download in Xfce and KDE Live CD flavors. Read more

Ardour 4.0 released

The Ardour project is pleased to announce the release of Ardour 4.0. This release brings many technical improvements, as well as new features and over a thousand bug fixes. The biggest changes in this release: Better cross platform support. Ardour now runs on GNU/Linux, OS X and for the first time, Windows. JACK is no longer required, making it easier than ever for new users to get Ardour up and running (though JACK is still usable with Ardour). The user interface has seen a thorough overhaul, leading to a more modern and polished experience. Read more