Servidores del Proyecto Debian hackeados

Escrito el 21 noviembre, 2003 – 22:00 | por storm | 921 lecturas

Si, tal cual leyeron. Esta mañana empezo a circular un mail de la gente de la distribucion Debian, informando que la seguridad de ‘varias maquinas’ del proyecto fue comprometida… (sigue..)

Alguno de esos equipos, son el servidor de CVS, el sistema de seguimiento de bugs y el repositorio ‘security’.


A continuacion les pasteo el mail:

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory       
Some Debian Project machines compromised   
November 21st, 2003  
- ------------------------------------------------------------------------

Some Debian Project machines have been compromised

This is a very unfortunate incident to report about.  Some Debian servers were found to have been compromised in the last 30 hours.

The archive is not affected by this compromise!

The security server is not yet restored and security updates are currently not available.

In particular the following machines have been affected:

  . master (Bug Tracking System)
  . murphy (mailing lists)
  . gluck (web, cvs)
  . klecker (security, non-us, web search, www-master, qa)

Some of these services are currently not available as the machines undergo close inspection.  Some services have been moved to other machines ( for example).

The security archive will be verified from trusted sources before it will become available again.

Please note that we have recently prepared a new point release for Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been announced yet, it has been pushed to our mirrors already.  The announcement was scheduled for this morning but had to be postponed.
This update has now been checked and it is not affected by the compromise.

We apologise for the disruptions of some services over the next few days.  We are working on restoring the services and verifying the content of our archives.

Contact Information
- -------------------

For further information, please visit the Debian web pages at  or send mail to .

Version: GnuPG v1.2.3 (GNU/Linux)


You must be logged in to post a comment.