On mySimon: Issey Miyake Automatic Watch for Men
BNET Business Network:
BNET
TechRepublic
ZDNet

August 18th, 2008

Fedora infrastructure breach?

Posted by Ryan Naraine @ 8:05 am

Categories: Anti Virus, Browsers, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research

Tags: Fedora Project, Open Source, Security, Ryan Naraine

Fedora server compromised?Has there been a security breach in Red Hat Fedora’s infrastucture systems?

According to a cryptic announcement posted to the Fedora-Announce mailing list, the open-source group is investigating an unspecified “issue in the infrastructure systems” that has resulted in widespread service outages.

In the note, Fedora maintainers recommend that end users avoid downloading packages on Fedora systems, which strongly hints at a security-related problem:

  • The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance. We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems.

A follow-up message posted over the weekend said the investigations were continuing but there are no details available on the cause of the problem.

Efforts to contact Red Hat Fedora maintainers have so far been unsuccessful.  I will update this post as necessary.

* Image credit: jgbrl’s Flickr photostream (Creative Commons 2.0)

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 10 Talkback(s)
hindsight is 50/50
This release from RH came out after my comment and after the blog entry was posted. At the time, there was nothing to suggest the problem was security related - at least nothing in the cited reference for the blog entry.... (Read the rest)
Posted by: OzDot Posted on: 08/27/08 You are currently: a Guest | | Terms of Use
Denial isn't a river in Egypt  NotMSUser | 08/18/08
Updates seemed to be working last night  John L. Ries | 08/18/08
May or may not be related  John L. Ries | 08/18/08
Yes, but those updates maybe compromised.  phatkat | 08/19/08
RE: Fedora infrastructure breach?  npdavis@... | 08/18/08
RE: Fedora infrastructure breach?  bbneo | 08/19/08
This is the evidence that linux and open source are unsafe  qmlscycrajg | 08/20/08
what makes you think it is a security issue?  OzDot | 08/21/08
this  Donald75 | 08/22/08
hindsight is 50/50  OzDot | 08/27/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here