
Security Hole in SSH1 with RSAREF

Read the CERT Advisory carefully, because it's a bit complex. A buffer overrun in the RSAREF2 library, a common implementation of a common crypto algorithm, combines with a buffer overrun in version 1 of sshd to allow unauthorized execution of arbitrary code. PGP is not affected. SSH2 is not affected. All versions of the free SSH1 are affected, but only "when --with-rsaref is explicitly supplied on the command line." (On my system, "ssh -V" tells me whether I compiled in RSAREF, presumably the same for both client and server.)
This discussion has been archived. No new comments can be posted.
