Read more https://packetstormsecurity.com/files/179290/regresshion.txt
OpenSSH Server regreSSHion Remote Code Execution
Qualys has discovered a a signal handler race condition
vulnerability in OpenSSH's server, sshd. If a client does not
authenticate within LoginGraceTime seconds (120 by default, 600 in
old OpenSSH versions), then sshd's SIGALRM handler is called
asynchronously, but this signal handler calls various functions
that are not async-signal-safe - for example, syslog(). This race
condition affects sshd in its default configuration.