As you probably know, several Novell hosted web sites got defaced by a vandal on the weekend.

The vandalized hosts wiki.novell.com, opensuse.org, and forge.novell.com are actually virtual hosts living on one machine, making this one affected machine.

The intruder gained access to the system by exploiting a known vulnerability in the "Xoops" blog software installed on another virtual host on this system (www.novell.com/prblogs/).

This software was not upgraded to the latest security fixed version.

The host affected is fully separate from our RPM and security fix delivery machines, so the integrity of our distributions and update repositories was not affected.

Sincerely,
Marcus Meissner, SUSE Security Team