This issue was addressed in Red Hat Enterprise Linux 2.1, 3 and 4:
Issue was fixed upstream in version 4.3. The openssh packages in Red Hat Enterprise Linux 5 are based on the fixed upstream version and were not affected by this flaw.
Red Hat Security Errata
|Red Hat Enterprise Linux 3 (openssh)||RHSA-2006:0298||2006-07-20|
|Red Hat Enterprise Linux 4 (openssh)||RHSA-2006:0044||2006-03-07|
|Red Hat Enterprise Linux 2.1 (openssh)||RHSA-2006:0698||2006-09-29|