This weblog is no longer being maintained. All information here has been ported to EclecticEchoes.com. This site (heupel.com/eclectic) remains only for archival purposes.
Looks like there’s a vulnerability in OpenSSH versions prior to 3.7 – the vulnerability may also affect any code/products based on OpenSSH code. A patch is available from OpenSSH. Check your SSH and if you need it get patched.