OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities & OpenSSH X11 Session Hijacking Vulnerability
OpenSSH on our servers has been patched for more than a year, since the exploit was first announced by the makers of the software. While the version number remains the same, the actual code in the program was modified as per vendor specs. PCI scanning companies appear to be checking only the version number, and since that number matches one on their list of exploitable versions, they report a false positive.
You can safely notify them that this has been resolved on our servers.
If they reject the "false positive" notification, please ask them to provide steps to TEST their detection.
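The mismatch described above, as an added example (not part of the original notice or of any scanner's code): a shell sketch that separates what the SSH banner claims from what the package changelog records. The function names, the sample changelog and the placeholder `CVE-XXXX-YYYY` are constructed for illustration, and the RPM-style changelog layout is an assumption about how the server is packaged.

```shell
# Added example: classify a version-only scanner finding against package evidence.
# All sample data is constructed; CVE-XXXX-YYYY is a placeholder, not a real ID.

# Extract the upstream version ("4.3") from a banner like SSH-2.0-OpenSSH_4.3p2.
banner_version() {
  printf '%s\n' "$1" | sed -n 's/^SSH-[0-9.]*-OpenSSH_\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if dotted version $1 is strictly lower than $2 (numeric, per field).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# Return 0 if the changelog on stdin mentions the given CVE ID.
changelog_has_fix() {
  grep -qiF -- "$1"
}

# Usage: classify BANNER FIXED_IN_VERSION CVE_ID < changelog
classify() {
  _ver=$(banner_version "$1")
  if [ -z "$_ver" ]; then echo "unknown-banner"; return; fi
  # A version-only scanner flags anything below the fixed release.
  if ! version_lt "$_ver" "$2"; then echo "not-flagged"; return; fi
  # Flagged by version: the changelog decides whether the fix was backported.
  if changelog_has_fix "$3"; then echo "false-positive-backported"
  else echo "needs-review"; fi
}

# Constructed changelog, shaped like `rpm -q --changelog openssh-server` output.
SAMPLE_CHANGELOG='* Mon Jan 01 2007 Example Packager <pkg@example.invalid> - 4.3p2-99
- backport upstream fix for CVE-XXXX-YYYY
* Tue Jun 06 2006 Example Packager <pkg@example.invalid> - 4.3p2-10
- rebuild'

# The banner says 4.3 (< 4.4), but the changelog records the backported fix.
printf '%s\n' "$SAMPLE_CHANGELOG" | classify "SSH-2.0-OpenSSH_4.3" 4.4 "CVE-XXXX-YYYY"
```

On a real host, the changelog would come from the package manager and the CVE ID from the scan report; the matching changelog entry is the evidence to attach to the false-positive notification.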