On 08/22/2008 02:57 PM, Stephan Wiesand wrote:
> Hi Connie & Troy,
> 
> RHSA-2008-0855 scares me.
> 
> There's not much information in that advisory, but it sounds like
> someone signed trojaned ssh packages with TUV's key.

(Red Hat claims that these never made it through RHN to customer
machines, so that only some unspecified other channels would be affected).

> Could you please verify that the SRPMS you built from had not been
> tampered with, and let us know?

Red Hat only mentions some binary RPMs as being affected, given that SL
recompiles everything I hope we are largely safe. Nevertheless, they've
released updates for all platforms.

regards
jan