LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

August 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS August 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	redhat pgp signing keys compromised
From:	Roelof van der Kleij <[log in to unmask]>
Reply To:	Roelof van der Kleij <[log in to unmask]>
Date:	Fri, 22 Aug 2008 17:53:51 +0200
Content-Type:	text/plain
Parts/Attachments:	text/plain (17 lines)

Hi all,

http://www.redhat.com/security/data/openssh-blacklist.html

It seems someone got a hold of the redhat pgp signing keys and 
distributed compromised openssh rpm's  The check script tests for 
modified binaries.

The article focuses on RHN not being compromised but is a bit vague 
about which channels were affected. Apparently some compromised openSSH 
rpm's are circulating in the wild.

Just a question: is there any chance of SRPM being compromised, which 
would affect  SL and Centos?

Roelof

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV