The developers behind OpenSSH acknowledged and fixed over the weekend that a memory corruption vulnerability exists in some builds of the main suite. If exploited, the vulnerability could lead to an authenticated code execution flaw. The main problem stems from the post-authentication SSHD process and the AES-GCM cipher during key exchange. The SSHD wasn t initializing a message authentication code (MAC) and a cleanup callback was still being invoked during a re-keying operation
Source: https://threatpost.com/openssh-fixes-memory-corruption-bug-with-update/102894/