It appears that there's no need to backport a new version of OpenSSH. As you can see here: http://www.openssh.com/txt/cbc.adv you only need to add this line:

Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

to ssh_config and sshd_config and restart the daemon.

Also:

The severity is considered to be potentially HIGH due to the 32 bits of plaintext that can be recovered. However, the likelihood of a successful attack is considered LOW. (http://www.openssh.com/txt/cbc.adv)

--
Security flaw in openSSH prior to 5.2
https://bugs.launchpad.net/bugs/379329
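
Added example, not part of the original message or of OpenSSH: a small Python check that the first Ciphers directive in an ssh_config or sshd_config lists CTR ciphers ahead of any CBC cipher, as the line quoted above does. The function names and sample configs are constructed for illustration, and it assumes a plain comma-separated cipher list.

```python
import re

# Mitigation line quoted in the message above (from cbc.adv).
ADVISORY_LINE = "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc"


def first_ciphers_directive(config_text):
    """Return the cipher list of the first Ciphers directive, or None.

    OpenSSH keywords are case-insensitive, lines starting with '#' are
    comments, and the first value obtained for a keyword is the one used.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or an optional '='.
        m = re.match(r"(?i)ciphers(?:\s*=\s*|\s+)(\S.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
            return [c.strip() for c in value.split(",") if c.strip()]
    return None


def audit_ciphers(config_text):
    """Classify a config as 'missing', 'cbc-first' or 'ok'."""
    ciphers = first_ciphers_directive(config_text)
    if ciphers is None:
        return "missing"  # no directive: built-in defaults apply
    ctr = [i for i, c in enumerate(ciphers) if c.endswith("-ctr")]
    cbc = [i for i, c in enumerate(ciphers) if c.endswith("-cbc")]
    # Flag lists where a CBC cipher is offered before any CTR cipher.
    if cbc and (not ctr or min(cbc) < min(ctr)):
        return "cbc-first"
    return "ok"


if __name__ == "__main__":
    # Constructed sample configs, not taken from any real host.
    samples = {
        "advisory line": ADVISORY_LINE,
        "commented out": "#Ciphers aes128-ctr,aes128-cbc\nPort 22\n",
        "cbc leading": "ciphers = aes128-cbc,3des-cbc,aes128-ctr\n",
    }
    for name, text in samples.items():
        print(f"{name}: {audit_ciphers(text)}")
```

Run it against the text of both ssh_config and sshd_config, since the message says the line goes in each.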