This update for openssh fixes the following issues: - CVE-2016-6210: Prevent user enumeration through the timing of password processing [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used - CVE-2016-6515: Limiting the accepted password length to prevent possible DoS Bug fixes: - avoid complaining about unset DISPLAY variable