If you updated your Gentoo repositories yesterday, consider replacing them or removing the files you downloaded. News is spreading across the internet that Gentoo's GitHub page was compromised and the original source was replaced with malicious code, so Gentoo users should be cautious about their machines. The development team of the Gentoo Linux distribution has notified users that its GitHub account was compromised and that the source code there was replaced with malicious code.
What is Gentoo?
Gentoo is a free operating system based on either Linux or FreeBSD that can be automatically optimized and customized for just about any application or need.
Extreme configurability, performance, and a top-notch user and developer community are all hallmarks of the Gentoo experience.
Thanks to a technology called Portage, Gentoo can become an ideal secure server, development workstation, professional desktop, gaming system, embedded solution, or something else—whatever you need it to be. Because of its near-unlimited adaptability, we call Gentoo a metadistribution.
What is Portage?
Portage can be considered the heart of Gentoo: it is the software distribution system that performs many key functions in Gentoo systems. Portage is used to sync the Gentoo ebuild repository from a mirror.
Portage automatically builds a custom version of the package to your exact specifications, optimizing it for your hardware and ensuring that the optional features in the package that you want are enabled—and those you don’t want aren’t.
“Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization and modified the content of the repositories as well as pages there.”
After regaining control of the GitHub account, the Gentoo organization also wrote on its website:
“Gentoo has regained control of the Gentoo Github Organization. We are currently working with Github on a procedure for resolution. Please continue to refrain from using code from the Gentoo Github Organization. Development of Gentoo primarily takes place on Gentoo operated hardware (not on Github) and remains unaffected. We continue to work with Github on establishing a timeline of what happened and we commit to sharing this with the community as soon as we can.”
This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on Gentoo's own infrastructure and GitHub is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.
Also, the Gentoo-mirror repositories, including metadata, are hosted under a separate GitHub organization and are likely not affected either. All Gentoo commits are signed, and you should verify the integrity of the signatures when using GitHub.
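One way to act on the advice to verify commit signatures, as an added example that is not part of the original article or Gentoo's own tooling: the script below lists every commit in a local clone whose signature git does not report as good. It assumes the signers' public keys are already imported and trusted in the local GnuPG keyring; the function names and the clone path are hypothetical.

```sh
#!/bin/sh
# Added example (not Gentoo's tooling). Assumes the signers' public keys are
# already imported and trusted in the local GnuPG keyring.

# Describe git's %G? status letter; succeed only for "G" (good and trusted).
sig_status() {
    case "$1" in
        G) echo "good signature"; return 0 ;;
        U) echo "good signature, key validity unknown" ;;
        B) echo "BAD signature" ;;
        X) echo "good signature that has expired" ;;
        Y) echo "good signature made by an expired key" ;;
        R) echo "good signature made by a revoked key" ;;
        E) echo "cannot be checked (for example, missing key)" ;;
        N) echo "no signature" ;;
        *) echo "unrecognised status" ;;
    esac
    return 1
}

# Read "STATUS HASH" lines on stdin and report every commit that is not "G".
# Fails closed: returns non-zero on any rejection or on empty input.
audit_lines() {
    bad=0 seen=0
    while read -r st hash; do
        [ -n "$st" ] || continue
        seen=$((seen + 1))
        if ! reason=$(sig_status "$st"); then
            echo "REJECT $hash: $reason"
            bad=$((bad + 1))
        fi
    done
    echo "checked=$seen rejected=$bad"
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Audit a revision range of a local clone (hypothetical helper name).
audit_repo() {
    git -C "$1" log --format='%G? %H' "${2:-HEAD}" | audit_lines
}

# Usage: sh audit.sh /path/to/clone [revision-range]
if [ "$#" -ge 1 ]; then
    audit_repo "$@"
fi
```

A good signature from a key of unknown validity (status U) is rejected on purpose, so an unexpected key has to be reviewed and trusted before its commits pass.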
According to Gentoo developer Francisco Blas Izquierdo Riera, after gaining control of the Gentoo Github organization, the attackers “replaced the portage and musl-dev trees with malicious versions of the ebuilds intended to try removing all of your files.”
Ebuilds are bash scripts, in a format created by the Gentoo Linux project, that automate compilation and installation procedures for software packages and support the project's Portage software management system.
However, Gentoo assured its users that the incident did not affect any code hosted on Gentoo's official website or the mirror download servers, and that users would be fine as long as they are using rsync or webrsync from gentoo.org.
This is because the master Gentoo ebuild repository is hosted on its own official portal and GitHub is just a mirror for it. So you can relax for now; as soon as the issues are fixed there will be another update from the Gentoo organization. Stay alert until then, keep your systems on the stable versions, and stay updated with cybersecurity blogs.