• Garnet: Running Debian Sid, so affected by vulnerability; hastily downgraded to 5.4.5
  • Amethyst: FreeBSD still ships 5.4.x
  • Pearl: Obsolete and currently unused hardware, so Linux hasn’t been updated since October and OSX hasn’t been updated since 2009.
  • Pearl-II: Void Linux still ships with 5.4.x, and the malware requires glibc anyway (I’m running musl); macOS partition still has 5.4.x (which is strange, given that I use pkgsrc, which shipped 5.6.x)
  • LapisLazuli: According to Mageia, everything’s fine
  • Spinel: Running Raspbian Stable, which still ships 5.4.x
    • Hovenko
      link
      fedilink
      18 months ago

      Everything has it to some degree. More important is:

      1. is it using the compromised version?
      2. Is ssh package using sysytemd-notify?
      3. Is ssh server service being open to the internet?