Red Hat fesses up to Fedora FOSS security fiasco

A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers. Now Fedora has admitted Red Hat OpenSSH packages were compromised by two separate server intrusions...

It all started with a highly cryptic Fedora-Announce mailing list posting which stated that "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."

Fair enough, that kind of thing happens, apology accepted. What was less acceptable was the bit which went on to say that "We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."

Now, most sane-brained people would read that and think 'avoid downloading packages on Fedora systems' + 'issue in the infrastructure systems' = SECURITY BREACH!

Indeed, that is precisely what most sane-brained people, as well as many journalists, did think. The online news feeds were full of pet theories as to what had happened to cause the widespread Fedora service outages.

The blogosphere likewise. Everyone was hinting at a security breach. Everyone, that is, apart from Fedora.
