On Fri, Aug 22, 2008 at 1:59 PM, Scott Beardsley scott@cse.ucdavis.edu wrote:
What's the point on this for us, CentOS users ?
I'd like to know if CentOS has been affected by RH's compromise. Can someone please comment? AFAIK, CentOS builds from RHEL SRPMs right? So as Rui mentioned the script that RH provided is useless. They do give the version info of the compromised packages:
Russ has posted some information about this to planet.centos.org, but basically at this point it does not appear to affect the CentOS population. Karanbir has been crawling through the build system to verify this, and we may release an announcement about this later.
If you want to check this out on your own, see -> http://www.securiteam.com/exploits/5MP0E20CAM.html for details, or for the short version run 'strings /usr/sbin/sshd | grep bella'