0-day exploit in anaconda

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Last night and this morning, I ran Fedora 18-Alpha-TC3 netinst.iso (x86_64)
burned to DVD, and met the bug  https://bugzilla.redhat.com/show_bug.cgi?id=849211 .
About 40 minutes ago, I re-ran the DVD but the bug had been fixed.

I never explicitly approved any Fedora 18 package signing key.
I believe that none (zero) of the current "Fedora 18" [rawhide] packages have been signed.
The download files from directory link
   http://dl.fedoraproject.org/pub/alt/stage/18-Alpha-TC3/Fedora/x86_64/iso/
are not accessed by the secure protocol
   https:// .
There is a *-CHECKSUM given, but it is not signed, either.

The fix for the bug 849211 was automatically downloaded and installed, insecurely.
That's just a short step away from a 0-day exploit in the installer.

-- 

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list


[Index of Archives]     [Kickstart]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]
  Powered by Linux