It appears that there's no need to backport a new version of OpenSSH. As you can see here: http://www.openssh.com/txt/cbc.adv you only need to add this line:
to ssh_config and sshd_config and restart the daemon.
Also:
The severity is considered to be potentially HIGH due to the
32 bits of plaintext that can be recovered. However, the
likelihood of a successful attack is considered LOW.
(http://www.openssh.com/txt/cbc.adv)
It appears that there's no need to backport a new version of OpenSSH. As you can see here: http:// www.openssh. com/txt/ cbc.adv you only need to add this line:
Ciphers aes128- ctr,aes256- ctr,arcfour256, arcfour, aes128- cbc,aes256- cbc
to ssh_config and sshd_config and restart the daemon. www.openssh. com/txt/ cbc.adv)
Also:
The severity is considered to be potentially HIGH due to the
32 bits of plaintext that can be recovered. However, the
likelihood of a successful attack is considered LOW.
(http://