"Oops."
Kernel.org Server Rooted and 448 users credentials compromisedNow, as mentioned in the article there's no reason to worry about the Git source repository, due to the nature of Git itself... but the kernel tarballs
could be affected, and we won't know the details until after an audit is done. (Yes, there's signatures for those tarballs, but who checks the signatures? And is there any guarantee that the tarball signing key hasn't been compromised?).
What does this mean? If you've downloaded tarballs from kernel.org the previous month or so, be sure to audit your systems and follow the news very carefully. Hopefully all sane distributions get their kernel sources from Git and not kernel tarballs, so people upgrading kernels from their distro vendor
should be safe - but stay tuned.
Interesting news, anyway. Seems to be a combination of trojanizing an Intel kernel committer (social engineering or haxxor of his system?), and then a bit of local->root privilege escalation.