Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


 

compromise of gluck.debian.org

Early this morning we discovered that someone had managed to
compromise gluck.debian.org. We've taken the machine offline and are
preparing to reinstall it. This means the following debian.org
services are currently offline: cvs, ddtp, lintian, people, popcon, planet, ports, release
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Hi,

Early this morning we discovered that someone had managed to
compromise gluck.debian.org. We've taken the machine offline and are
preparing to reinstall it. This means the following debian.org
services are currently offline:

cvs, ddtp, lintian, people, popcon, planet, ports, release

Based on the results of our initial investigation we've locked down
most other debian.org machines, limiting access to DSA only, until
they can be fixed for what we suspect is the exploit used to
compromise gluck.

We're still investigating exactly what happened and the extent of the
damage. We'll post more info as soon as we reasonably can.

- —
James
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iQIVAwUBRLU1oNfD8TGrKpH1AQJxXw//SYz8qfJzavCtdq9uLidAXVZcfT8PW0PA
d1166XENr3TryTC10ZY5dAWjc1Q7gy1YLMPBgDnjj6LlvD7EMOnathddX5dUuU9x
UHOcBBka5BDguZCL/oV4zSNKaq9Ses9dP7n/Cw/kQdqMBKhtcAI0lpYlHt4JijmJ
eU+lgMq6/3EgGV8XF5rX1kzl65K4o8slb8ygpc7KlXoKfYxKNp0Tmd/lDOQbsiDx
EXHNcN5DWUPsfEKSF65LczH6Y9GFGkcYhO4FJQLOhCXExClYW8WSbVXoXnAnvuuW
nLMuhG/pDRJVBdzTaRFRjXUvsmDoUAzf/c6suToqMUhp1cVMBOcEuubqgfeZcn2E
6Z9nT/1L6iHk1G1Dfrqj1IgeU2lA9dZCESsuoGp9qkwiDf3XW4IbAtVija3vHQwn
LOqSk9AGJZnumAMewjUvzwrfoEtcTOZGgz6OtN6OkQXrKh0BNIjH/Jndy4CkZHgG
OPn6upPt4IpmyEYK6dZY+o3+ZvB/2aOLOV+6VVN98O0bPfLEQmOhEvrrNh+6vP22
evK2noa6iMmq7B0ZTkShdBjxKs7dGoLBk/yidk043M+8P+U4JmOTJSPylL7k3OQ+
Va2YHQ48AqPhTQAOffPW7mD1ZWpj4bEmvqJI1tDADmMN+9oIG94Cb6qhDMU/3t3u
+mMB9lsIJBs=
=0D08
—–END PGP SIGNATURE—–

– To UNSUBSCRIBE, email to debian-devel-announce-REQUEST@lists.debian.org with a subject of “unsubscribe”. Trouble? Contact listmaster@lists.debian.org

Read more at debian-administration

No Response to “compromise of gluck.debian.org” »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.