
We updated the FAQ question to cover this. For most users, fixing can be done by installing patched versions of their SSH implementations as they come available. If you feel uncomfortable waiting for an update, you may disable the affected cipher modes temporarily and use other modes like AES-GCM instead. But keep in mind that a faulty configuration can cause you to lose access to the server.
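
The lock-out risk mentioned above is easy to avoid with a pre-flight check. The script below is an added example, not something from the thread or from any SSH project: before an sshd `Ciphers` line is applied, it verifies that every listed cipher is an AES-GCM mode and that each name is one the server build actually offers (an unknown name makes sshd refuse the config, a typo'd one could leave you without a usable cipher). The cipher identifiers are the standard OpenSSH names; the `SUPPORTED_CIPHERS` list is a constructed stand-in for the real output of `ssh -Q cipher`.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a proposed sshd "Ciphers"
# line before it is written to sshd_config, so a mitigation cannot lock you out.

# Constructed stand-in for `ssh -Q cipher` on a typical OpenSSH build.
SUPPORTED_CIPHERS="3des-cbc aes128-cbc aes192-cbc aes256-cbc \
aes128-ctr aes192-ctr aes256-ctr \
aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com"

# gcm_only LINE: 0 if every comma-separated cipher is an AES-GCM mode,
# 1 otherwise (offending names are printed).
gcm_only() {
    rc=0
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case "$c" in
            *-gcm@openssh.com) ;;
            *) printf 'non-GCM cipher still enabled: %s\n' "$c"; rc=1 ;;
        esac
    done
    return $rc
}

# all_supported LINE: 0 if every cipher in LINE appears in SUPPORTED_CIPHERS,
# 1 otherwise. A name the build does not know would make sshd reject the config.
all_supported() {
    rc=0
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        found=0
        for s in $SUPPORTED_CIPHERS; do
            [ "$c" = "$s" ] && found=1
        done
        if [ "$found" -eq 0 ]; then
            printf 'cipher not offered by this build: %s\n' "$c"
            rc=1
        fi
    done
    return $rc
}

# check_ciphers_line LINE: succeeds only when the line is GCM-only and
# every name is supported, i.e. safe to put into sshd_config.
check_ciphers_line() {
    gcm_only "$1" && all_supported "$1"
}

# Usage: the proposed GCM-only restriction.
if check_ciphers_line "aes256-gcm@openssh.com,aes128-gcm@openssh.com"; then
    echo "proposed Ciphers line is GCM-only and supported"
fi
```

Run it against the exact line you intend to install; keep an existing session open while reloading sshd and confirm a fresh connection succeeds before closing it.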



Fwiw, I found a bunch of clients and libraries that didn't support AES-GCM at all, or only very recently. libssh2 is one example. That's made me nervous to make AES-GCM the only supported cipher as a mitigation.


FYI: libssh2 supports AES-GCM since 1.11.0 (released 2023-05-30)


What about aes-ctr?


Depends a bit on the MAC. CTR-EtM is technically vulnerable (i.e. cryptographically broken), but due to key stream desynchronization the attack will quickly lead to application errors, defeating the attacker. See Sect. 4.3.3.



