Language Selection

English French German Italian Portuguese Spanish

Red Hat fesses up to Fedora FOSS security fiasco

Filed under
Linux
Security

A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers. Now Fedora has admitted Red Hat OpenSSH packages were compromised by two separate server intrusions...

It all started with a highly cryptic Fedora-Announce mailing list posting which stated that "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."

Fair enough, that kind of thing happens, apology accepted. What was less acceptable was the bit which went on to say that "We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."

Now, most sane-brained people would read that and think 'avoid downloading packages on Fedora systems' + 'issue in the infrastructure systems' = SECURITY BREACH!

Indeed, that is precisely what most sane-brained people, as well as many journalists, did think. The online news feeds were full of pet theories as to what had happened to cause the widespread Fedora service outages.

The blogosphere likewise. Everyone was hinting at a security breach. Everyone, that is, apart from Fedora.

More Here




More in Tux Machines

Android Leftovers

Ryzen 3 Linux Gaming Benchmarks: NVIDIA vs. AMD Radeon

This week I posted some fresh OpenGL vs. Vulkan benchmarks on the AMD Ryzen 3 while for this weekend article are some more Linux gaming benchmarks from the budget-friendly Ryzen 3 1200 and Ryzen 3 1300X processors. On the Ryzen 3 1200 and Ryzen 3 1300X, NVIDIA's GeForce GTX 1050 and GTX 1060 graphics cards were tested while on the Radeon side was the RX 560 and RX 480 graphics cards. The NVIDIA driver release used was the 384.59 driver while on the Radeon side was Linux 4.13 AMDGPU DRM plus Mesa 17.3-dev Git built against LLVM 6.0 SVN using the Padoka PPA. Read more

Some Fresh I/O Scheduler Benchmarks: Linux 4.13 With BFQ, CFQ, Kyber, Deadline

For those curious about the state of I/O schedulers with the in-development Linux 4.13 kernel, here are some fresh disk benchmarks using the 4.13 Git kernel on an Intel laptop/ultrabook and testing the various in-kernel options. Tests were done from a Broadwell era Lenovo ThinkPad X1 Carbon with SSD. In the days ahead I'll have some tests as well from a slower, rotational media system. Read more

Wine 2.15