According to postings on the Full-Disclosure mailing list (see URL), there seem to be several vulnerabilities in the most recent version of OpenSSH. These vulnerabilities permit remote root access to the OpenSSH server. No details or patches seem to be publicly available yet, but one should be very careful (e.g. restrict access to sshd from trusted networks only; privilege separation doesn't seem to help) and upgrade OpenSSH as soon as fixes are released.
Re-open when a real CERT or announcement has been made.
Bug 28873 :)