Uh oh, bad news. The message seems to be: upgrade to OpenSSH 3.3. Downside: 3.3 has problems with compression and PAM, in particular keyboard-interactive authentication. Folks running Debian can read DSA 134 (which, incidentally, leaves potato users in a bind). Note that upgrading will not fix the problem, only prevent a root exploit.