Comment 3 for bug 379329

Jamie Strandboge (jdstrand) wrote :

Ubuntu 9.04 and 9.10 have a backported patch to make the chances for a successful attack even smaller:
openssh (1:5.1p1-5) unstable; urgency=low

  * Backport from upstream CVS (Markus Friedl):
    - packet_disconnect() on padding error, too. Should reduce the success
      probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.

Marking the 9.10 task as "Won't fix" (and added 9.04 for completeness). Added 8.10 task and will backport the packet_disconnect() patch with the next 8.10 openssh security update.

For those who want to address this fully, from http://www.openssh.com/txt/cbc.adv:
"AES CTR mode and arcfour ciphers are not vulnerable to this attack at
all. These may be preferentially selected by placing the following
directive in sshd_config and ssh_config:

Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc"
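The following is an added example, not part of the bug report and not code from Ubuntu or OpenSSH: a small POSIX shell audit that checks whether an sshd_config or ssh_config lists the CTR/arcfour ciphers ahead of every CBC cipher, in the order the cbc.adv excerpt above recommends. It assumes the whitespace form of the directive (`Ciphers a,b,c`) and that every CBC cipher name OpenSSH knows ends in `-cbc` or `-cbc@domain`; the two sample configs it writes are constructed for the demo, and the function names are my own.

```sh
#!/bin/sh
# Added example (not from the bug report or from OpenSSH): audit the Ciphers
# directive against the ordering recommended in cbc.adv. A list is "fixed" when
# every CBC cipher comes after all non-CBC ciphers, and "weak" when a CBC cipher
# is first or sits ahead of a non-CBC one, or when no Ciphers line exists at all
# (an explicit directive is what the advisory asks for).

# Return 0 when the comma-separated cipher list prefers non-CBC ciphers,
# 1 otherwise. Usage: cipher_list_prefers_ctr "aes128-ctr,aes128-cbc"
cipher_list_prefers_ctr() {
    [ -n "$1" ] || return 1                  # empty / missing directive
    first=${1%%,*}
    case "$first" in
        *-cbc|*-cbc@*) return 1 ;;           # CBC would be negotiated first
    esac
    seen_cbc=0
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case "$c" in
            *-cbc|*-cbc@*)
                seen_cbc=1 ;;
            *)
                # a non-CBC cipher listed after a CBC one is ranked below it
                if [ "$seen_cbc" -eq 1 ]; then
                    return 1
                fi ;;
        esac
    done
    return 0
}

# Extract the first Ciphers directive from a config file (sshd/ssh use the
# first match; keywords are case-insensitive) and check its ordering.
config_prefers_ctr() {
    value=$(awk 'tolower($1) == "ciphers" { print $2; exit }' "$1")
    cipher_list_prefers_ctr "$value"
}

# Constructed sample configs for the demo: $1 = weak|fixed, $2 = output path.
write_sample_config() {
    case "$1" in
        weak)
            cat > "$2" <<'EOF'
# Constructed sample: legacy order, aes128-cbc is negotiated first
Port 22
Ciphers aes128-cbc,3des-cbc,aes128-ctr,aes256-ctr
EOF
            ;;
        fixed)
            cat > "$2" <<'EOF'
# Constructed sample: order recommended by http://www.openssh.com/txt/cbc.adv
Port 22
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
EOF
            ;;
    esac
}

# Demo: write both samples to a temp dir and report on each.
demo_dir=$(mktemp -d)
write_sample_config weak  "$demo_dir/sshd_config.weak"
write_sample_config fixed "$demo_dir/sshd_config.fixed"
for f in "$demo_dir"/sshd_config.*; do
    if config_prefers_ctr "$f"; then
        echo "$f: ok (non-CBC ciphers preferred)"
    else
        echo "$f: WEAK (CBC cipher ranked first, or no Ciphers line)"
    fi
done
rm -rf "$demo_dir"
```

Run it against a real file with `config_prefers_ctr /etc/ssh/sshd_config`. Note that SSH picks the first cipher in the client's list that the server also supports, so the server-side directive alone does not stop a client that prefers CBC; that is why the advisory says to set it in both sshd_config and ssh_config. The recommended line is from 2009: current OpenSSH releases have long since dropped CBC and arcfour from their defaults, so on a modern host the check mostly confirms nobody re-enabled them.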