AFIK the openssh vulnerability is “not known to be exploitable” at least for now and the updated packages are in FCOS next and testing streams.
An exploit for the vulnerability was demonstrated on 32 bit systems.
I saw that testing and next got the patch, and moved my images to testing for that reason. It’s just a shame that at least in this instance, users have to choose between stability and security (when it comes to staying current with patches).
Not sure about that since I can’t actually install “32-bit Fedora”.