Fedora Investigates Security Incident

Jan 26, 2011

"Based on the results of our investigation so far, we do not believe that any Fedora packages or other Fedora contributor accounts were affected by thiscompromise," said Fedora project leader, Jared Smith in an email to the Fedora announce mailing list.

In his email, Smith noted that earlier this week a Fedora contributor account had been compromised; however, Fedora's Infrastructure Team can show that the compromise was external and was not due to any code vulnerability or exploit.

Smith also tells Fedora users the compromised account was not a member of any sysadmin or Release Engineering groups and the privileges on the account were limited to SSH to fedorapeople.org (user permissions are very limited on this machine), push access to packages in the Fedora SCM and the ability to perform builds and make updates to Fedora packages.

Smith reminds Fedora contributors to choose a strong FAS password and not to use their FAS password on any other websites or user accounts. He also tells contributors, "If you receive an email from FAS notifying you of changes to your account that you did not make, please contact the Fedora Infrastructure team immediately via admin at fedoraproject.org."

comments powered by Disqus

Issue 152/2013

Tag Cloud

Android Bruce Byfield Gnome KDE Linux Pro Magazine Open Source Projects Red Hat Ubuntu events foss free software google linux

News