• Garnet: Running Debian Sid, so affected by vulnerability; hastily downgraded to 5.4.5
  • Amethyst: FreeBSD still ships 5.4.x
  • Pearl: Obsolete and currently unused hardware, so Linux hasn’t been updated since October and OSX hasn’t been updated since 2009.
  • Pearl-II: Void Linux still ships with 5.4.x, and the malware requires glibc anyway (I’m running musl); macOS partition still has 5.4.x (which is strange, given that I use pkgsrc, which shipped 5.6.x)
  • LapisLazuli: According to Mageia, everything’s fine
  • Spinel: Running Raspbian Stable, which still ships 5.4.x
    • Hovenko
      33 months ago

      You mean steam deck? Custom version of arch. But even pacman is locked by default there so I doubt the naughty package made it there

        • Hovenko
          13 months ago

          Everything has it to some degree. More important is:

          1. is it using the compromised version?
          2. Is ssh package using sysytemd-notify?
          3. Is ssh server service being open to the internet?