Red Hat warns of Fedora, OpenSSH compromises

By

Hackers compromised Red Hat's Fedora servers, which prompted the open source software company to issue a critical update Friday for its OpenSSH packages.

Red Hat warns of Fedora, OpenSSH compromises
Red Hat on Friday delivered an urgent fix for its OpenSSH packages after the Linux distribution provider disclosed that intruders illegally accessed a number of Fedora servers.

As a result, hackers were able "to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux" versions 4 and 5, according to a security update. Aside from the patch, the open source software company provided users with a blacklist script to determine if they are running any of the tampered packages.

OpenSSH provides encrypted communication using the SSH, or secure shell, protocol.

Meanwhile, one of the servers belonging to the Red Hat-sponsored Fedora Project, which is responsible for signing Fedora packages, was compromised.

However, team leaders do not believe the intruders were able to steal any passwords used to secure the signing keys.

Still, the Fedora Project decided to release new signing keys "because Fedora packages are distributed via multiple third-party mirrors and repositories," according to a notice from Paul Frields, a Fedora Project leader.

"It is important to note that the effects of the intrusion on Fedora and Red Hat are not the same," he wrote. "Accordingly, the Fedora package signing key is not connected to, and is different from, the one used to sign Red Hat Enterprise Linux packages [and vice versa]."

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
compromisesfedorahatopensshredsecurityvulnerability

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?