Portable OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM authentication code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). OpenSSH 3.7.1p2 fixes these bugs. Please note that these bugs do not exist in OpenBSD's releases of OpenSSH.

PAM認証に関する脆弱性があるようで。
せっかくアップデートしたのになぁ。