Source: BleepingComputer
Author: Sergiu Gatlan
URL: https://www.bleepingcomputer.com/news/linux/kali-linux-warns-of-update-failures-after-losing-repo-signing-key/
ONE SENTENCE SUMMARY:
Offensive Security advises Kali Linux users to manually install a new repository signing key after losing the previous key.
MAIN POINTS:
- Offensive Security lost the Kali Linux repository signing key, requiring a replacement key.
- Users with the old key experience update failures due to key verification errors.
- The repository was temporarily frozen on February 18th to minimize user impact.
- OffSec issued a new signing key (ED65462EC8D5E4C5) signed by Kali developers.
- Users must manually download and install the new key to resolve the issue.
- OffSec provides the recommended command for fetching the new key.
- Checksums and instructions for verifying the new keyring are available from OffSec.
- Users uncomfortable updating keys manually can reinstall Kali using updated images.
- This incident mirrors a similar 2018 event when Kali’s GPG key expired.
- Regular updating of Kali Linux keyrings is essential to prevent update mismatches.
TAKEAWAYS:
- Regularly update Kali Linux systems to avoid key mismatches and repository issues.
- Follow official instructions carefully when manually updating repository signing keys.
- Verify new repository keys using provided checksums to ensure authenticity.
- Consider reinstalling Kali Linux from updated images if unsure about manual key updates.
- Maintain awareness of Kali Linux communications to promptly handle security-related updates.
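
The checksum verification recommended above can be enforced before a downloaded keyring replaces the one APT trusts. The script below is an added example, not code from OffSec or the article; the function names, the file arguments and the optional GnuPG key-ID check are assumptions, and the checksum itself must come from OffSec's published value.

```shell
#!/bin/sh
# Added example: gate a downloaded APT keyring on its published SHA-256
# (and optionally on the expected key ID) before it replaces the trusted one.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Succeed only if the keyring holds a primary key with this 16-hex key ID.
# Requires GnuPG; field 5 of a "pub" record in --with-colons output is the key ID.
keyring_has_key() {
    gpg --show-keys --with-colons "$1" 2>/dev/null |
        awk -F: -v id="$2" '$1 == "pub" && $5 == id { ok = 1 } END { exit !ok }'
}

# install_verified_keyring FILE EXPECTED_SHA256 DEST [KEYID]
# Returns 0 after installing FILE at DEST; returns 1 and leaves DEST untouched
# on any failed check.
install_verified_keyring() {
    file=$1 dest=$3 keyid=${4:-}
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    case $expected in
        ''|*[!0-9a-f]*) echo "checksum is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "checksum is not SHA-256 length" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi
    if [ -n "$keyid" ] && ! keyring_has_key "$file" "$keyid"; then
        echo "key $keyid not found in $file" >&2
        return 1
    fi
    # Stage beside DEST, then rename, so APT never reads a half-written keyring.
    tmp="$dest.new.$$"
    cp "$file" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}

# Typical use (placeholders; take the checksum from OffSec's announcement):
#   install_verified_keyring ./downloaded-keyring.gpg "<PUBLISHED_SHA256>" \
#       "<KEYRING_DEST>" ED65462EC8D5E4C5
```

Passing the key ID as the fourth argument adds a second check that the file actually contains the key named in the announcement, independent of the checksum.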