Updated openssh packages fix security vulnerabilities:

sshd in OpenSSH before 6.6 does not properly support wildcards
on AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character (CVE-2014-2532).

Matthew Vernon reported that if a SSH server offers a HostCertificate
that the ssh client doesn’t accept, then the client doesn’t check
the DNS for SSHFP records. As a consequence a malicious server can
disable SSHFP-checking by presenting a certificate (CVE-2014-2653).