At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Please see the ISS advisory, or OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem. . . .
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Please see the ISS advisory, or OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem. Systems running with UsePrivilegeSeparation yes or ChallengeResponseAuthentication no are not affected.

The 3.4 release contain many other fixes done over a week long audit started when this issue came to light. We believe that some of those fixes are likely to be important security fixes. Therefore, we urge an upgrade to 3.4.