Fedora Investigates Security Incident

Jan 26, 2011

"Based on the results of our investigation so far, we do not believe that any Fedora packages or other Fedora contributor accounts were affected by thiscompromise," said Fedora project leader, Jared Smith in an email to the Fedora announce mailing list.

In his email, Smith noted that earlier this week a Fedora contributor account had been compromised; however, Fedora's Infrastructure Team can show that the compromise was external and was not due to any code vulnerability or exploit.

Smith also tells Fedora users the compromised account was not a member of any sysadmin or Release Engineering groups and the privileges on the account were limited to SSH to fedorapeople.org (user permissions are very limited on this machine), push access to packages in the Fedora SCM and the ability to perform builds and make updates to Fedora packages.

Smith reminds Fedora contributors to choose a strong FAS password and not to use their FAS password on any other websites or user accounts. He also tells contributors, "If you receive an email from FAS notifying you of changes to your account that you did not make, please contact the Fedora Infrastructure team immediately via admin at fedoraproject.org."

Related content

comments powered by Disqus

Issue 266/2023

Buy this issue as a PDF

Digital Issue: Price $12.99
(incl. VAT)

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs