Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Fedora, Red Hat Servers Compromised

Popular Linux implementation will require changes in signing keys

Fedora Project leader Paul Frields ended speculation on Friday and revealed that the popular Linux implementation's servers have been breached.

"Last week, we discovered that some Fedora servers were illegally accessed," Frields said in a message to Fedora users about the security breach on Friday. "The intrusion into the servers was quickly discovered, and the servers were taken offline."

Fedora's servers have experienced some downtime in the past two weeks, and Frields had previously asked users not to download any new versions of the operating system, leading some observers to speculate that a security breach had occurred. (See Linux Users Speculate Over Fedora Outage.)

One of the compromised Fedora servers was a system used for signing Fedora packages, Frields said. "However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key. Based on our review to date, the passphrase was not used during the time of the intrusion on the system, and the passphrase is not stored on any of the Fedora servers."

However, because Fedora packages are distributed via multiple third-party mirrors and repositories, the Fedora project has decided to convert to new Fedora signing keys, Frields said. "This may require affirmative steps from every Fedora system owner or administrator," he warned.

Frields said there is "little risk" to Fedora users who want to install or upgrade signed Fedora packages. Our previous warnings against further package updates were based on an abundance of caution, out of respect for our users," he said. "This is also why we are proceeding with plans to change the Fedora package signing key."

While Frields was issuing his warning, Red Hat also issued its own advisory on a security breach. "Last week, Red Hat detected an intrusion on certain of its computer systems and took immediate action," the advisory states.

"While the investigation into the intrusion is on-going, our initial focus was to review and test the distribution channel we use with our customers, Red Hat Network(RHN) and its associated security measures," the company said. "Based on these efforts, we remain highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN, and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk."

The advisory is mainly for "those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers," Red Hat said.

"It is important to note that the effects of the intrusion on Fedora and Red Hat are *not* the same," Frields wrote. "Accordingly, the Fedora package signing key is not connected to, and is different from, the one used to sign Red Hat Enterprise Linux packages."

Frields said the Fedora Project will contact users soon to let them know how to handle they change in signing keys.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24288
PUBLISHED: 2021-05-17
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
CVE-2021-24289
PUBLISHED: 2021-05-17
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
CVE-2021-24290
PUBLISHED: 2021-05-17
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
CVE-2021-24292
PUBLISHED: 2021-05-17
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The â€&oe...
CVE-2021-24295
PUBLISHED: 2021-05-17
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via...