The latest version of OpenSSH, the open source implementation of the SSH protocol, patches a flaw that exposes it to command injection attacks. Red Hat said it rated the vulnerability, CVE-2016-3115, as moderate severity. An attacker could abuse the flaw to read files as a privileged user, or use other xauth commands to leak information, overwrite files, probe ports and more. OpenSSH has been disabling older, insecure crypto implementations for two years, project leader Theo de Raadt said.
Source: https://threatpost.com/openssh-implementations-with-x11forwarding-enabled-should-heed-recent-security-update/116801/

