compromise of gluck.debian.org, lock down of other debian.org machines


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

compromise of gluck.debian.org, lock down of other debian.org machines

User Rating:

How can I rate this item?

Early this morning we discovered that someone had managed to compromise gluck.debian.org. We've taken the machine offline and are preparing to reinstall it. This means the following debian.org services are currently offline:

cvs, ddtp, lintian, people, popcon, planet, ports, release

Based on the results of our initial investigation we've locked down most other debian.org machines, limiting access to DSA only, until they can be fixed for what we suspect is the exploit used to compromise gluck. We're still investigating exactly what happened and the extent of the damage. We'll post more info as soon as we reasonably can.

Read this full article