View Full Version : Linux package management systems not completely secure

July 16th, 2008, 04:30 PM
apologies if someone already posted this...


The research team found it relatively easy to get their own server listed as an official mirror for Ubuntu, Fedora, OpenSuSE, CentOS and Debian, which was subsequently contacted by thousands of clients, including military and government computers.


It is quite possible, claim the authors, for an attacker to send clients properly signed packages that are outdated and contain known vulnerabilities ... that the attacker will be able to exploit at his convenience.

ok, ive mangled that quote a little bit to convey the meaning - if not the wording - of the article.

at least i posted the source too!

July 16th, 2008, 04:38 PM
Big deal, just stick to the official repos, and be careful what you install.

July 16th, 2008, 04:49 PM
We've just discussed this here: