Re:Saw this on Digg (Score 1)

Just changing the root password is not enough, this 'bug' was here for months any could have installed a rootkit or did who knows what. This is going to be a fresh install for me.

The password is only available to someone with local access to the system. If your system only has one account (like mine), someone would only be able to read the password if they knew it already.

This vulnerability is serious for computer lab setups, but it's irrelevant for home users that aren't running any remotely accessibly services.