In association with heise online

19 August 2008, 09:09

Fedora servers may have been breached

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Server failure announcements on the Fedora mailing list are currently causing alarm among users of the Fedora Linux distribution. Paul Frields, head of the Fedora project, said there had evidently been a problem with various servers in the Fedora infrastructure that had made the project reinstall its systems. Frields gave no information about the precise reasons for this action, but US media are already speculating that a breach in one of the systems was to blame.

Apart from the packages servers, many of the Fedora servers were not available due to the maintenance work. Frields recommended that until the problem was solved no new packages should be installed or updated, which strongly hints at a security problem, possibly with manipulated packages. Fedora packages are digitally signed, but if the programs have already been manipulated on the build server, the signature will be worthless.

Most of the systems are now online again. The asterisk1, collab1, cvs1, builders, x86, ppc and Fedora People servers are due to be available shortly. The Fedora developers promise to publish details of the problem as soon as all systems have been restored and investigations completed.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit