A FreeBSD Security Advisory concerning an OpenSSH vulnerability has recently been issued. You can view the full description of the vulnerability and solution on the mailing list page. User Vivek Gite also provides a solution for the problem below.

I.   Background

OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access.

OpenSSH supports accessing keys provided by a PKCS#11 token.

II.  Problem Description

The ssh-agent(1) agent supports loading a PKCS#11 module from outside a
trusted whitelist.  An attacker can request loading of a PKCS#11 module
across forwarded agent-socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets
would be created by sshd(8) with the privileges of 'root' instead of
the authenticated user. [CVE-2016-10010]

Original announcement: https://lists.freebsd.org/pipermail/freebsd-security-notifications/2017-January/000305.html
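The two conditions named in the Problem Description (privilege separation disabled in sshd, and a forwarded agent socket) can be checked from configuration files. The script below is an added example, not part of the advisory or the nixCraft post; the script name `ssh-audit.sh` and the sample configs are constructed, and it reports configuration only, not whether the patch is installed.

```shell
#!/bin/sh
# Added example (not from the advisory): report the two configuration
# conditions it names. Script name and sample configs are constructed.

# Exit 0 if FILE (sshd_config syntax) turns privilege separation off.
# sshd uses the first value it reads; a missing keyword leaves it enabled.
privsep_disabled() {
    awk '
        BEGIN { rc = 1 }
        /^[ \t]*#/ { next }
        { gsub(/[="]/, " ") }          # accept Keyword=value and quoting
        tolower($1) == "useprivilegeseparation" {
            if ($2 == "no") rc = 0
            exit
        }
        END { exit rc }
    ' "$1"
}

# Print "LINE: SCOPE" for every "ForwardAgent yes" in FILE (ssh_config
# syntax). SCOPE is the enclosing Host/Match line, or "global".
agent_forwarding() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*#/ { next }
        { gsub(/[="]/, " ") }
        tolower($1) == "host" || tolower($1) == "match" {
            $1 = $1; scope = $0; next   # normalise spacing, keep the line
        }
        tolower($1) == "forwardagent" && $2 == "yes" { print NR ": " scope }
    ' "$1"
}

# Usage: sh ssh-audit.sh /etc/ssh/sshd_config ~/.ssh/config
# With no arguments, run on constructed samples instead.
if [ "$#" -ne 2 ]; then
    tmp=$(mktemp -d)
    printf '%s\n' 'Port 22' 'UsePrivilegeSeparation no' > "$tmp/sshd_config"
    printf '%s\n' 'Host build.example.org' '  ForwardAgent yes' > "$tmp/ssh_config"
    set -- "$tmp/sshd_config" "$tmp/ssh_config"
fi
if privsep_disabled "$1"; then
    echo "$1: privilege separation disabled (CVE-2016-10010 condition)"
fi
agent_forwarding "$2" | while read -r hit; do
    echo "$2:$hit forwards the agent (CVE-2016-10009 path)"
done
[ -z "${tmp:-}" ] || rm -rf "$tmp"
```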

OpenSSH is critical for both sysadmins and programmers. It is an implementation of the SSH protocol suite, from the OpenBSD project. It provides an encrypted session to your server.

OpenSSH multiple vulnerabilities

OpenSSH running on the FreeBSD operating system has multiple vulnerabilities as of 11th January 2017. From the advisory:

The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of ‘root’ instead of the authenticated user. [CVE-2016-10010]

Patch your FreeBSD server: https://www.nixcraft.com/patch-your-freebsd-server-for-openssh-vulnerabilities-11jan2017/168/