RedHat Package Manager (RPM) files are compiled, prepackaged programs that can be downloaded and installed on Linux systems. It is possible to corrupt the data in an RPM file so that code is executed on a Linux system when the RPM is queried for version information. This is difficult to do, since the memory location of the hacker's shellcode would need to be known. However, it's possible, so don't mess with RPM files from untrusted sources.
Who needs RPMs? :D
News source: MSNBC - Don't mess with RedHat Package Manager files