<div dir="ltr">A very distressing announcement.<br>Be aware that this impacts CentOS servers as well. They have posted notice <br><a href="http://lists.centos.org/pipermail/centos-announce/2008-August/015193.html">http://lists.centos.org/pipermail/centos-announce/2008-August/015193.html</a><br>
<a href="http://lists.centos.org/pipermail/centos-announce/2008-August/015194.html">http://lists.centos.org/pipermail/centos-announce/2008-August/015194.html</a><br>of the updated openssh packages to re-secure the repositories.<br>
<br><div class="gmail_quote">On Fri, Aug 22, 2008 at 3:04 PM, Bob Toxen <span dir="ltr"><<a href="mailto:transam@verysecurelinux.com">transam@verysecurelinux.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
"In an email sent to the fedora-announce mailing list, it has been<br>
revealed that both Fedora and Red Hat servers have been compromised<br>
<<a href="https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html" target="_blank">https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html</a>> .<br>
As a result Fedora is changing their package signing key. Red<br>
Hat has released a security advisory<br>
<<a href="https://rhn.redhat.com/errata/RHSA-2008-0855.html" target="_blank">https://rhn.redhat.com/errata/RHSA-2008-0855.html</a>> and a script to<br>
detect potentially compromised openssh packages<br>
<<a href="http://www.redhat.com/security/data/openssh-blacklist.html" target="_blank">http://www.redhat.com/security/data/openssh-blacklist.html</a>> ."<br>
<br>
<br>
Anyone running a Fedora or Red Hat Enterprise system where RPMs may have been<br>
installed recently, either automatically or manually, is at risk and should<br>
download Red Hat's tool to check for compromised RPMs.<br>
<br>
No doubt Microsoft will try to hype this. Remember that Microsoft is forced<br>
to provide a patch for the equivalent of a remote root vulnerability that affects MOST<br>
customers almost weekly, in our opinion.<br>
<br>
This appears to be a fault in System Administration by Red Hat rather than<br>
a security bug in Linux, though not all the facts are in at this time.<br>
<br>
Linux still is far more secure and reliable than Microsoft.<br>
<font color="#888888"><br>
Bob Toxen<br>
<a href="mailto:bob@verysecurelinux.com">bob@verysecurelinux.com</a> [Please use for email to me]<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
</font></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III <br><br>
</div>