OpenSSH remote execution bug?
One of the fixed security bugs (mentioned in the release notes) was:
* sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution. Also reported by Moritz Jodeit.
Sounds like a remotely exploitable bug that may not need a local account. Anyone know the details?