Please consider using OpenSSH-2.5 instead of 2.3, since 2.5 finally
includes an sftp client.
2.5.1p1 is in rawhide.
Hm, I guess we will see a security errata for OpenSSH anyway, do we? ;->
Sorry, Red Hat ships at least 2.3.0p1 which is not known to be vulnerable. So,
no security update needed.