Subj : Supply Chain Attacks on Linux distributions (Fenrisk)
To   : All
From : LWN.net
Date : Wed Mar 19 2025 15:00:08

Supply Chain Attacks on Linux distributions (Fenrisk)

Date:
Wed, 19 Mar 2025 14:48:47 +0000

Description:
A security company called Fenrisk has posted an overview of a pair
of claimed successful supply-chain attacks on the Fedora and openSUSE
distributions. We successfully identified vulnerabilities in the Pagure, the 
Git
	forge used by Fedora to store their package definitions. We also
	compromised Open Build Service, the all-in-one toolchain used and
	developed by the openSUSE project for compilation and packaging. 
Their exploitation by malicious actors would have led to the
	compromise of all the packages of the distributions Fedora and
	openSUSE, as well as their downstream distributions, impacting
	millions of Linux servers and desktops.

======================================================================
Link to news story:
https://lwn.net/Articles/1014741/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.