Israel, According to Redhat openssh-server-3.6.1p2-33.30.1 is the latest [https://rhn.redhat.com/errata/RHBA-2004-114.html] You did understand Williams post regarding backporting, right? You cannot depend on major/minor version numbers as a guide to whether a security vulnerability has been fixed - you have to read the errata for the patch level. Thanks, Will