Language Selection

English French German Italian Portuguese Spanish

Red Hat fesses up to Fedora FOSS security fiasco

Filed under
Linux
Security

A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers. Now Fedora has admitted Red Hat OpenSSH packages were compromised by two separate server intrusions...

It all started with a highly cryptic Fedora-Announce mailing list posting which stated that "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."

Fair enough, that kind of thing happens, apology accepted. What was less acceptable was the bit which went on to say that "We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."

Now, most sane-brained people would read that and think 'avoid downloading packages on Fedora systems' + 'issue in the infrastructure systems' = SECURITY BREACH!

Indeed, that is precisely what most sane-brained people, as well as many journalists, did think. The online news feeds were full of pet theories as to what had happened to cause the widespread Fedora service outages.

The blogosphere likewise. Everyone was hinting at a security breach. Everyone, that is, apart from Fedora.

More Here




More in Tux Machines

Microsoft Hates Linux: Got Caught, Pretended Just an Accident

Early Look at Ubuntu 17.04

  • Trying Out Unity 8 + Mir On Ubuntu 17.04
    With Ubuntu 17.04, Unity 7 with the X.Org Server remains the default desktop environment, but Unity 8 and Mir can be found on the default ISO and it's just a matter of logging out and into the experimental Unity 8 session. It's really easy to try out for those interested. For my tests today I was using an Intel Xeon box with a Radeon RX 470 graphics card atop Ubuntu 17.04's default Mesa packages and kernel. Overall it was an interesting experience and while a lot of bugs remain, the Unity 8 experience was much better than the last time I tried it a few months ago and is almost up to being usable for a daily Linux desktop.
  • The Ubuntu 17.04 Beta Is Now Available to Download
  • They’re Here: Ubuntu 17.04 Beta 2 Flavours Available to Download
  • Ubuntu Linux 17.04 'Zesty Zapus' Final Beta now available for download in multiple DE flavors
    When someone is interested in trying a Linux-based desktop operating system for the first time, they often choose Ubuntu. This is a smart choice, as it is easy to use, well supported, and quite beautiful. Even if you don't like the Unity desktop environment, there are several other DEs, or flavors, from which to choose -- GNOME, KDE, and Xfce to name a few. Today, the Final Beta of Ubuntu 17.04 'Zesty Zapus' becomes available for download. While it is never a good idea to run pre-release software on production machines, Canonical is claiming that it should be largely bug free at this point. In other words, if you understand the risks, it should be fairly safe. Home users aside, this is a good opportunity for administrators to conduct testing prior to the official release next month.

Games for GNU/Linux and CrossOver

San Francisco Open Source Voting System Project Continues On

At the February 15 Elections Commission meeting, the Elections Commission voted unanimously to ask the Mayor's Office to allocate $4 million towards initial development of the open source voting project for the 2018-19 fiscal year (from Aug. 2018 - July 2019). This would go towards initial development once the planning phase is complete. Read more