Researchers at the Qualys Threat Research Unit (TRU) have unearthed discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.
If I'm not mistaken, it seems like this is a timing attack and you need a lot of attack attempts to make it work. If you have like a fail2ban rule for ssh it should mitigate this attack to quite some degree, right? (Of course updating would still be the best).