tl;dr: >=9.8p1 safe
do sshd -V on your server to check version
close your external-facing ports / disable sshd if you don't have a patch
if you need to keep those ports open for some reason, mitigate by setting LoginGraceTime = 0 in /etc/ssh/sshd_config, but note it will open you up to DoS attacks; be sure you're also running something like fail2ban to help mitigate DoS risk
OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.
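The version ranges and the LoginGraceTime mitigation above, as an added example that is not part of the original post: POSIX shell functions that classify an OpenSSH version string and check whether a config file sets LoginGraceTime to 0. The function names and sample strings are constructed for illustration, and a version string alone cannot show whether a distribution has backported the fix.

```shell
#!/bin/sh
# Added example: function names and sample strings are constructed.
# A version string cannot reveal distro-backported fixes; confirm with your vendor.

# classify_openssh "<sshd -V output or banner>"
# prints: vulnerable-unless-patched | not-vulnerable | vulnerable | fixed | unknown
classify_openssh() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver% *}
    minor=${ver#* }
    n=$((major * 100 + minor))
    if   [ "$n" -lt 404 ]; then echo vulnerable-unless-patched  # < 4.4p1
    elif [ "$n" -lt 805 ]; then echo not-vulnerable             # 4.4p1 .. < 8.5p1
    elif [ "$n" -lt 908 ]; then echo vulnerable                 # 8.5p1 .. < 9.8p1
    else echo fixed                                             # >= 9.8p1
    fi
}

# grace_time_zero <sshd_config path>
# Succeeds only if the first uncommented LoginGraceTime in the file is 0
# (sshd keeps the first value it reads; an unset keyword means the default).
grace_time_zero() {
    val=$(awk '{ sub(/^[ \t]+/, "") }
               tolower($0) ~ /^logingracetime[ \t=]/ {
                   sub(/^[^ \t=]+[ \t=]+/, ""); print $1; exit }' "$1")
    [ "$val" = 0 ]
}

# Constructed sample version strings (not captured from real hosts).
for banner in "OpenSSH_4.3p2" "OpenSSH_7.4p1, OpenSSL 1.0.2k" \
              "OpenSSH_8.9p1, OpenSSL 3.0.2" "OpenSSH_9.8p1, OpenSSL 3.3.1"; do
    printf '%-32s %s\n' "$banner" "$(classify_openssh "$banner")"
done
```

On a live host, `sshd -T | grep -i logingracetime` shows the effective value after any Include files are resolved, which a single-file check cannot.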






