A remote attacker may be able to perform attacks against the shared memory manager used by pre-authentication compression support.
+
Furthermore a local attacker may be able to execute arbitrary code and disclose sensitive information under certain circumstances or possibly escalate privileges when having privilege separation explicitly disabled.