Ola The update came because it seems that 'atacker' was able to sign some openssh packages. This update, as stated is provided just in case there is someone not using RHN to get updated packages. Customers using RHN to get updates were not afected. The errata also states that there's an ongoing investigation. Regards Pablo El lun, 15-09-2008 a las 19:19 -0300, Itamar - IspBrasil escribió: > aparentemente foi causado por uma falha no ssh, onde o atacante > conseguiu assinar alguns pacotes com as chave's do fedora. > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752 > > http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html > > http://rhn.redhat.com/errata/RHSA-2008-0855.html > > http://www.redhat.com/security/data/openssh-blacklist.html > > On 9/12/2008 1:40 PM, Henrique Junior wrote: > > > > Hello, guys > > I'm sorry if this list > > is not the right place to post this question but I can't figure a > > better place. > > As a Fedora ambassador > > (in Brazil) I've been asked by a lot of people about the recent > > invasion in our servers. The question I've been asked yesterday was > > “how it happened?” > > I'd like to explain > > here exactly what happened to make our users more comfortable and confident. > > Please excuse my bad english. > > > > > > Thanks > > > > Henrique "LonelySpooky" Junior > > ________________________________ > > "In a world without walls and fences, who needs windows and gates?!" > > > > > > Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com. > > http://br.new.mail.yahoo.com/addresses > > > > > > _______________________________________________ > > Fedora-infrastructure-list mailing list > > Fedora-infrastructure-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > > > > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Pablo Iranzo Gómez (Pablo.Iranzo@xxxxxxxxxx) RHCE/RHCSP/RHCSS Global Profesional Services Consultant Spain Phone: +34 645 01 01 49 (CET/CEST) GnuPG KeyID: 0xFAD3CF0D -- Inscrita en el Reg. Mercantil de Madrid – C.I.F. B-82 65 79 41 Directores: Michael Cunningham, Charlie Peters y David Owens Dirección Registrada: Red Hat S.L., C/ Velazquez 63, Madrid 28001, España Dirección contacto: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, Planta 3ºD, 28016 Madrid, Spain
Attachment:
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
