openssh < v3.7 is vulnerable. nice to know that this server has buffer-overflow protection ;)
the gentoo devs will soon release an updated openssh ebuild.
hm.. i wonder whether i should upgrade to kernel 2.6.0-test5 to get some better performance as well :)
[update 20030917: the first patch doesn’t fix it yet, thus update openssh to v3.7.1. “once again” also applies to windows. both won’t be the last vulnerabilities of their kinds for sure..]