Graeme - there are such things as compromised repositories, libraries and distros. Not many and not often for linux, as far as I know, but it's still possible at any given time. This is especially possible for third party repositories which are added to the updater in order to force updates on new versions.
From a linux server aspect, a new rootkit has just been discovered...
"The rootkit is designed specifically for 64-bit Linux systems..."
"Since the command is appended to the end of rc.local, there might actually be shell commands that result in the command not being executed as intended. On a default Debian squeeze install, /etc/rc.local ends in an exit 0 command, so that the rootkit is effectively never loaded."
"Researchers believe that the Linux rootkit likely is being used in cybercrime operations rather than in targeted attacks..."
How the virus gets implanted in the first place I'm not sure.