Ask Your Question
2

dnf/yum vulnerability

asked 2014-11-28 13:10:17 -0600

updated 2014-11-28 17:21:47 -0600

FranciscoD_ gravatar image

I was just running a dnf update but having issues (again, sigh). So I ran dnf -v update. My line speed is not extraordinary so every now and then packages fail and I keep my eye on the progress being made. What caught my eye was this line:

[MIRROR] phpMyAdmin-4.2.11-1.fc20.noarch.rpm: Curl error: Couldn't resolve host name for http://www.ScriptKiddie.invalid/

Should I be concerned? This seems to me as though someone was experimenting with looking for a vulnerability but to be one the safe side I thought "ask fedora!"

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
3

answered 2014-11-28 17:20:11 -0600

FranciscoD_ gravatar image

Well, unless the mirror is registered with our mirror manager, it shouldn't come up for yum/dnf. Having said that, all the Fedora packages are signed, and this signature is checked before install - so, even if a bad package does come to your system, it'll fail the signature check and not be installed. You could report this to Fedora infrastructure here though: https://fedorahosted.org/fedora-infrastructure/newticket

Another thing you need to check is what repositories you have set up - are they all fedora, or do you have third party repos too?

I haven't had any issues with dnf al all - I use it regularly on three of my machines. Please do file bugs if you have issues so that upstream can fix them before we phase out yum.

edit flag offensive delete link more

Comments

I have rpmfusion and a few coprs enabled - nothing unusual. How can I find where dnf got that url?

jcuenod gravatar imagejcuenod ( 2014-11-29 11:54:25 -0600 )edit

Question Tools

Stats

Asked: 2014-11-28 13:10:17 -0600

Seen: 205 times

Last updated: Nov 28 '14