As I posted about previously, it appears that the current 3.7.1p version of OpenSSH does *not* fix the recent bugs, there is a working exploit in circulation. As far as I know, OpenSSH 3.7.1 for OpenBSD is not affected.
Also, if you run Sendmail you'd be advised to upgrade to 8.12.10, as there is a critical buffer overflow in the address parsing code affecting releases prior to this. A working exploit has been around for some time it seems.
Get upgrading!
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved before your comment will appear.)