'The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.'
ClearOS contains backported fixes for this flaw prior to the general release.
Reports that ClearOS is affected by this vulnerability are grossly inaccurate and reflect the audit system's inability to properly distinguish between normal and backported versions of SSH running on Linux. ClearOS is not affected by this bug since it included the fixes before any release.
No action required.