• Garnet: Running Debian Sid, so affected by vulnerability; hastily downgraded to 5.4.5
  • Amethyst: FreeBSD still ships 5.4.x
  • Pearl: Obsolete and currently unused hardware, so Linux hasn’t been updated since October and OSX hasn’t been updated since 2009.
  • Pearl-II: Void Linux still ships with 5.4.x, and the malware requires glibc anyway (I’m running musl); macOS partition still has 5.4.x (which is strange, given that I use pkgsrc, which shipped 5.6.x)
  • LapisLazuli: According to Mageia, everything’s fine
  • Spinel: Running Raspbian Stable, which still ships 5.4.x
  • Hovenko
    link
    fedilink
    38 months ago

    You mean steam deck? Custom version of arch. But even pacman is locked by default there so I doubt the naughty package made it there

    • @Unyieldingly
      link
      18 months ago

      I think Steam runtime has some xz stuff does it not?

      • Hovenko
        link
        fedilink
        18 months ago

        Everything has it to some degree. More important is:

        1. is it using the compromised version?
        2. Is ssh package using sysytemd-notify?
        3. Is ssh server service being open to the internet?