MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
distributions
Recherche

Supply Chain Attacks on Linux distributions (Fenrisk)

mercredi 19 mars 2025, 15:48 , par LWN.net
A security company called Fenrisk has posted an overview of a pair
of claimed successful supply-chain attacks on the Fedora and openSUSE
distributions.

We successfully identified vulnerabilities in the Pagure, the Git
forge used by Fedora to store their package definitions. We also
compromised Open Build Service, the all-in-one toolchain used and
developed by the openSUSE project for compilation and packaging.

Their exploitation by malicious actors would have led to the
compromise of all the packages of the distributions Fedora and
openSUSE, as well as their downstream distributions, impacting
millions of Linux servers and desktops.

[Update: SUSE has put out a statement about the vulnerability; 'While this is a serious vulnerability that needed to be fixed quickly, the impact was inaccurately described.']
Lire la suite sur LWN.net
https://lwn.net/Articles/1014741/

Voir aussi

distributions New solution delivers fast recovery from ransomware attacks BetaNews20 Mar
fenrisk Too many software supply chain defense bibles? Boffins distill advice TheRegister20 Mar
fedora Free AI tools add to surge in attacks on applications BetaNews20 Mar
opensuse Asahi Linux loses another prominent dev as GPU guru calls it quits TheRegister20 Mar
linux Comment la Fondation Linux veut lutter contre les menaces de cybersécurité sur les logiciels libres ZDNet.fr20 Mar
attacks GNOME 48 Linux desktop launches with performance boosts but System76’s Cosmic is a rising threat BetaNews19 Mar
vulnerability Distribution Release: Kali Linux 2025.1a DistroWatch19 Mar
used Browser-based phishing attacks up 140 percent BetaNews19 Mar
supply Chimera Linux ghosts RISC-V because there's no time for sluggish hardware TheRegister19 Mar
chain GitHub suffers a cascading supply chain attack compromising CI/CD secrets InfoWorld19 Mar
distributions Fedora Linux 42 Beta is here with KDE edition, COSMIC spin, Asahi Remix, and major updates BetaNews18 Mar
fenrisk Infostealers account for surge in identity-enabled attacks BetaNews18 Mar
fedora Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos TheRegister18 Mar
opensuse Huawei To Pivot To Linux, HarmonyOS as Microsoft Windows License Expires Slashdot17 Mar
linux GitHub supply chain attack spills secrets from 23,000 projects TheRegister17 Mar
attacks Debian Linux 12.10 drops just in time for St. Patrick’s Day with security fixes BetaNews16 Mar
vulnerability Cybersecurity Alert Warns of 300 Attacks with 'Medusa' Ransomware Slashdot16 Mar
used SUSE doubles down on AI and Multi-Linux Support to prove it's still in the game TheRegister14 Mar
supply AdGuard brings full-system ad blocking to Linux with new standalone app BetaNews14 Mar
chain Watch a mesmerizing video of a chain link fence being made BoingBoing14 Mar
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
jeu. 20 mars - 17:35 CET