Red Hat Issues Security Advisory Following Network Intrusion

Open-source software vendor Red Hat has released an update to OpenSSH packages relating to its Red Hat Enterprise Linux software after hackers attempted to break into servers belonging to the company and the community-supported Fedora Linux project earlier this month. Red Hat issued a security advisory about the incident Friday.

The advisory, rated as having a "critical security impact" by Red Hat's security response team, said the company is still investigating the network intrusion attempt that occurred the week of Aug. 11. The advisory says the intrusion was detected and the security team took immediate action. Since then the security team has been reviewing and testing the distribution channel the company uses with Red Hat customers.

"Based on these efforts, we remain highly confident that our systems and processes prevented the intrusion from compromising [Red Hat Network] or the content distributed by RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk," the alert said.

Red Hat said it issued the alert primarily for customers who obtain Red Hat software through channels other than those used by official Red Hat subscribers.

The company said the intruder was able to "sign a small number of OpenSSH packages" relating to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). OpenSSH is the OpenBSD Secure Shell protocol implementation. Red Hat released an updated version of those OpenSSH packages.