Forum OpenACS Development: Response to OT: Security Alert

Posted by Jon Griffin on
OpenSSH is rumored to have a new exploit in versions prior to 3.0.2. The specific one is 2.9.2 or p2 for non-OpenBSD people.

There are known (although low-risk) exploits in versions 3.0.1 and earlier. Also, SSHD 2.4.0 is believed to be vulnerable.

I have been noticing a bunch of scans to 22 that have strange packets (SYN, etc.), and it appears to be related to a program that a cracker group named TESO created.

I am going to download the crack code now to look at it and do some testing. Others are also looking at it.

For those who challenged me to break into their boxen or stop bashing distros: first, I am not a cracker and don't really have time to play those games, and second, your valued, prized team that also makes OpenSSH (and installs it on your distro) is not infallible. Don't make challenges until you know the facts.

Bottom line, do what you want, but if you depend on someone else or (worse yet) a distro to be secure, be ready to be compromised.