Intruders disrupt Fedora, Red Hat
Some of Fedora’s servers were “accessed illegally” last week but, the Fedora team said in an email today, the intrusion “was quickly discovered, and the servers were taken offline”.
“Security specialists and administrators have been working since then to analyze the intrusion and the extent of the compromise as well as reinstall Fedora systems,” the team said in its infrastructure report today.
One of the compromised Fedora servers was a system used for signing Fedora packages which has raised concern over the security of packages. The Fedora team says that while they have “high confidence” that the intruder was not able to capture the passphrase used to secure the Fedora package signing key it has decided to convert to new signing keys.
“Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers.
“While there is no definitive evidence that the Fedora key has been compromised, because Fedora packages are distributed via multiple third-party mirrors and repositories, we have decided to convert to new Fedora signing keys,” the team said.
Fedora sponsor, Red Hat, also detected unusual activity during this period and has issued updated OpenSSH packages for its Enterprise Linux users.
The company says that it remains “highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk”.