Hi all,

http://www.redhat.com/security/data/openssh-blacklist.html
It seems someone got hold of the Red Hat PGP signing keys and distributed compromised OpenSSH RPMs. The check script tests for modified binaries.
The article focuses on RHN not being compromised but is a bit vague about which channels were affected. Apparently some compromised OpenSSH RPMs are circulating in the wild.
Just a question: is there any chance of SRPMs being compromised, which would affect SL and CentOS?
Roelof
