Linux distributor Red Hat has issued a statement (Ed: via their errata) revealing that its servers were illegally infiltrated by unknown intruders. According to the company, internal audits have confirmed that the integrity of the Red Hat Network software deployment system was not compromised. The community-driven Fedora project, which is sponsored by Red Hat, also fell victim to a similar attack. More news is available around the web.
Red Hat, Fedora Servers Infiltrated By Attackers
Submitted by Hakime 2008-08-26 Red Hat 8 Comments
Their package signing key was compromised and the intruders managed to get some OpenSSH packages signed. Combined with DNS poisoning this could be nasty.