The OpenSSH team just released a security advisory about a vulnerability affecting both OpenSSH 6.2 and 6.3.
If you are not familiar with OpenSSH, it's the software used by a large majority of servers and hosting providers to provide SFTP and SSH services. Any vulnerability discovered in OpenSSH could have a major impact on website owners, and the Internet in general.
The good news is that this vulnerability only affects newer versions of OpenSSH, which are not widely used yet. If you are using Ubuntu 13.10 or Fedora 19, you are likely vulnerable. All other Linux distributions appear to be safe. To double-check, log into your server via SSH and type the following command:
    # sshd -h
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
If you see OpenSSH_6.2 or OpenSSH_6.3, you know you are using the affected versions.
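To run the same check across several servers, the version test above can be scripted. The following is an added example, not part of the original advisory or of OpenSSH; the function names `classify_banner` and `local_banner` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify OpenSSH version strings against the releases
# named above (6.2 and 6.3). Function names are hypothetical.

# classify_banner TEXT
#   Prints "affected", "not-affected" or "unknown" for a line that may
#   contain an OpenSSH_<major>.<minor> token, such as `sshd -h` output
#   or the SSH-2.0 banner a server sends on connect.
classify_banner() {
    # Capture the full major.minor number so that a string such as
    # 6.20 or 16.2 is never mistaken for 6.2.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    case "$ver" in
        6.2|6.3) echo "affected" ;;
        "")      echo "unknown" ;;       # no OpenSSH version token found
        *)       echo "not-affected" ;;
    esac
}

# local_banner
#   Returns the version line of the local sshd, using the command shown
#   above. The usage text goes to stderr, hence the 2>&1.
local_banner() {
    sshd -h 2>&1 | grep 'OpenSSH_' | head -n 1
}

# Constructed sample banners (not taken from real hosts).
# Note: a distribution may patch a package without changing its version
# string, so treat "affected" as "check the vendor's advisory".
while IFS= read -r banner; do
    printf '%-13s %s\n' "$(classify_banner "$banner")" "$banner"
done <<'EOF'
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
OpenSSH_6.2p2, OpenSSL 1.0.1e 11 Feb 2013
SSH-2.0-OpenSSH_6.3
OpenSSH_6.4p1, OpenSSL 1.0.1e 11 Feb 2013
SSH-2.0-dropbear_2013.60
EOF
```

On a live server, `classify_banner "$(local_banner)"` gives the result for the installed sshd.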