UPDATE: New packages can be found at Red Hat's errata site: https://rhn.redhat.com/errata/RHSA-2003-279.html. As Red Hat provides checksums which can be verified, you should get those packages rather than use these.
These packages are patched versions of OpenSSH for Red Hat systems. For info about the exploit, see the original announcement. Once Red Hat has official packages, these files will be removed, and a link to the appropriate errata page will be provided.
Email Brian Gannon at brian@SPAMSUCKS.BAD.gannon.com if you have any problems with these files.
Last updated: Tue Sep 16 09:55:50 PDT 2003