Red Hat fesses up to Fedora FOSS security fiasco

A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers. Now Fedora has admitted Red Hat OpenSSH packages were compromised by two separate server intrusions...

It all started with a highly cryptic Fedora-Announce mailing list posting which stated that "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."

Fair enough, that kind of thing happens, apology accepted. What was less acceptable was the bit which went on to say that "We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."

Now, most sane-brained people would read that and think 'avoid downloading packages on Fedora systems' + 'issue in the infrastructure systems' = SECURITY BREACH!

Indeed, that is precisely what most sane-brained people, as well as many journalists, did think. The online news feeds were full of pet theories as to what had happened to cause the widespread Fedora service outages.

The blogosphere likewise. Everyone was hinting at a security breach. Everyone, that is, apart from Fedora.
