|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dave Aitel (dave
immunityinc.com)
Date: Fri Aug 22 2008 - 09:05:21 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ok, so to sum up the two emails below:
1. Fedora's package signing box was compromised by unknown parties.
Fedora does not think the key's passphrase was compromised however. They
are changing their keys.
2. RedHat's package signing key was used to sign trojaned OpenSSH
packages. RedHat does not think these were distributed via the Red Hat
Network auto-update service.
http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
http://rhn.redhat.com/errata/RHSA-2008-0855.html
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIrsehtehAhL0gheoRAkuqAJ4mvzv4G4ecq0lhqkBVrZLzvO5mAACfVwIc
Q4GJxw1kSvTKUMXlYsNfOWo=
=X5qc
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]