About the recent invasion
Pablo Iranzo Gómez
Pablo.Iranzo at redhat.com
Tue Sep 16 10:39:15 UTC 2008
Ola
The update came because it seems that 'atacker' was able to sign some
openssh packages. This update, as stated is provided just in case there
is someone not using RHN to get updated packages. Customers using RHN to
get updates were not afected. The errata also states that there's an
ongoing investigation.
Regards
Pablo
El lun, 15-09-2008 a las 19:19 -0300, Itamar - IspBrasil escribió:
> aparentemente foi causado por uma falha no ssh, onde o atacante
> conseguiu assinar alguns pacotes com as chave's do fedora.
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
>
> http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html
>
> http://rhn.redhat.com/errata/RHSA-2008-0855.html
>
> http://www.redhat.com/security/data/openssh-blacklist.html
>
> On 9/12/2008 1:40 PM, Henrique Junior wrote:
> >
> > Hello, guys
> > I'm sorry if this list
> > is not the right place to post this question but I can't figure a
> > better place.
> > As a Fedora ambassador
> > (in Brazil) I've been asked by a lot of people about the recent
> > invasion in our servers. The question I've been asked yesterday was
> > “how it happened?”
> > I'd like to explain
> > here exactly what happened to make our users more comfortable and confident.
> > Please excuse my bad english.
> >
> >
> > Thanks
> >
> > Henrique "LonelySpooky" Junior
> > ________________________________
> > "In a world without walls and fences, who needs windows and gates?!"
> >
> >
> > Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com.
> > http://br.new.mail.yahoo.com/addresses
> >
> >
> > _______________________________________________
> > Fedora-infrastructure-list mailing list
> > Fedora-infrastructure-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
> >
> >
> >
>
>
> _______________________________________________
> Fedora-infrastructure-list mailing list
> Fedora-infrastructure-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
--
Pablo Iranzo Gómez (Pablo.Iranzo at redhat.com)
RHCE/RHCSP/RHCSS Global Profesional Services Consultant Spain
Phone: +34 645 01 01 49 (CET/CEST)
GnuPG KeyID: 0xFAD3CF0D
--
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B-82 65 79 41
Directores: Michael Cunningham, Charlie Peters y David Owens
Dirección Registrada: Red Hat S.L., C/ Velazquez 63, Madrid 28001, España
Dirección contacto: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, Planta 3ºD, 28016 Madrid, Spain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada
digitalmente
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20080916/ba40702d/attachment.bin
More information about the infrastructure
mailing list