Guatewireless.org » Redhat , Security " critical security update for Red Hat / Fedora Linux OpenSSH

Update Criticizes Security Red Hat / Fedora Linux OpenSSH

August 26th, 2008 | Add a Comment

As many of you know some days ago one or more of Red Hat servers were compromised. Committed is a short word to say who broke the security of Red Hay and went as he owned the place. We now know that both Fedora and Red Hat were cracked.

As a direct result Fedora is changing their package to encrypt your key. The intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures) and Red Hat Enterprise Linux 5 (x86_64).

This update has been classified as safety critical. If you manage a Red Hat-based server is connected to the internet and update the system immediately.

Official announcement of Red Hat Network - RHN

Last week Red Hat detected an intrusion on Certain of ITS computer systems and Took Immediate action. While the Investigation Into the intrusion is on-going, our initial focus to review and test WAS the distribution channel we use with Our customers, Red Hat Network (RHN) and Its associated security measures. Based On These Efforts, we REMAIN Highly confident and Processes That our systems from intrusion preventer Compromising the RHN or the content via RHN and accordingly Distributed believe That Customers Who Keep Their systems updated using Red Hat Network are not at-risk. We are Issuing this alert Primarily For Those Who May Obtain Red Hat binary packages via channels other Than Those of official Red Hat subscribers.

The following products are affected:
=> Red Hat Desktop (v. 4)
=> Red Hat Enterprise Linux (v. 5 server)
=> Red Hat Enterprise Linux AS (v. 4)
=> Red Hat Enterprise Linux AS (v. 4.5.z)
=> Red Hat Enterprise Linux Desktop (v. 5 client)
=> Red Hat Enterprise Linux ES (v. 4)
=> Red Hat Enterprise Linux ES (v. 4.5.z)
=> Red Hat Enterprise Linux WAS (v. 4)