OpenBSD erratum 023:
2016-03-10
Lack of credential sanitization allows injection of commands to xauth(1). Prevent this problem immediately by not using the "X11Forwarding" feature (which is disabled by default).
binpatch57-(amd64)-ssh-2.0.tgz
Download
amd64