By John Leyden
22nd August 2008
Red Hat has warned that hackers were able to commandeer its systems and
tamper with code - but said that since its content distribution was not
hit, it is confident that polluted code has not served up to users.
The first hint that something was wrong came last week when Fedora
rebuilt its systems, a reconstruction that was accompanied by extended
outages. Red Hat sponsors the Linux distribution. Fortunately Fedora
packages weren't interfered with following the attack, but Red Hat
Enterprise Linux packages were touched up by as yet unidentified
"Last week Red Hat detected an intrusion on certain of its computer
systems and took immediate action," Red Hat said in a critical security
advisory  issued on Friday. "While the investigation into the
intrusion is ongoing, our initial focus was to review and test the
distribution channel we use with our customers."
While checks on its content distribution networks came back clean, it
did turn up some problems.
"An intruder was able to sign a small number of OpenSSH packages
relating only to Red Hat Enterprise Linux 4 (i386 and x86_64
architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!