On Fri, Aug 22, 2008 at 1:59 PM, Scott Beardsley <scott at cse.ucdavis.edu> wrote: >> What's the point on this for us, CentOS users ? > > I'd like to know if CentOS has been affected by RH's compromise. Can someone > please comment? AFAIK, CentOS builds from RHEL SRPMs right? So as Rui > mentioned the script that RH provided is useless. They do give the version > info of the compromised packages: Russ has posted some information about this to planet.centos.org, but basically at this point it does not appear to affect the CentOS population. Karanbir has been crawling through the build system to verify this, and we may release an announcement about this later. If you want to check this out on your own, see -> http://www.securiteam.com/exploits/5MP0E20CAM.html for details, or for the short version run 'strings /usr/sbin/sshd | grep bella' -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell