OpenSSH allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. The updated packages have been patched to prevent this issue.