I would firewall and wait. My gut instinct is one of two things:
A> Hoax. By the little and miss-information given so far, it is either this..
or...
B> This a "smoke and deception" attempt, to cause concern over 4.3.
Why? What if you, some hacker organisation, find a really cool zero-day exploit in sshd 5.2.
Too bad only cutting edge releases (Fedora) incorporate this version. No substantial entities use this in production. Plenty use RHEL/CentOS. Big targets.
It's well known RHEL / CentOS backport all of their security fixes to retain some sort of basic version control. The teams behind this are not to be sneezed at.
RHEL has posted (I read, would have to dig up the link) that they have exhausted all attempts to find any flaw in 4.3. Words to no be taken lightly.
So, back to idea. A hacker decide to somehow cause a stir about 4.3, causing mass hysteria to UG to 5.2p1. I ask: how many of you have already?
To create some "proof" for missdirection, all "said group" would have to do now is take over some previously compromised system (WHMCS? Previous SSH?), create some logs with some half-truths (attack-ee verified "something" happened, yet some things unverifiable by target) hoping someone would "bite". All it takes is one larger entity to do something drastic (...HostGator...) to make it a bit more serious, amidst the growing anxed and confusion.
Many large entities may backport, but some may just upgrade. Those that upgrade, now open to the real zero-day attack with no disclosure as of yet.
I've seen stranger things happen. Like, a bunch of celebrities dying all in a row...