Thursday, May 2, 2024
rated 0 times [  142] [ 0]  / answers: 1 / hits: 125786  / 1 Year ago, mon, february 20, 2023, 10:33:01

As of today, a bug in OpenSSL has been found affecting versions 1.0.1 through 1.0.1f (inclusive) and 1.0.2-beta.



Since Ubuntu 12.04, we are all vulnerable to this bug. In order to patch this vulnerability, affected users should update to OpenSSL 1.0.1g.



How can every affected user apply this update now?



 Answers
3

Security updates are available for 12.04, 12.10, 13.10 and 14.04; see Ubuntu Security Notice USN-2165-1.



So first you need to apply the available security updates, for example by running



sudo apt-get update
sudo apt-get upgrade


from the command line.



Do not forget to restart the services (HTTP, SMTP, etc.) that use the affected OpenSSL version, otherwise you are still vulnerable. See also Heartbleed: What is it and what are options to mitigate it? on Serverfault.com.



The following command shows (after an upgrade) all services that need to be restarted:



sudo find /proc -maxdepth 2 -name maps -exec grep -HE '/libssl\.so.* \(deleted\)' {} \; | cut -d/ -f3 | sort -u | xargs --no-run-if-empty ps uwwp


After that, you need to regenerate all server SSL keys, then evaluate whether your keys may have leaked, in which case attackers may have retrieved confidential information from your servers.


[#26150] Wednesday, February 22, 2023, 1 Year  [reply] [flag answer]
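The restart check from the answer above, as an added example that is not part of the original post: the same `/proc/<pid>/maps` test wrapped in functions that report each PID with its command name. The function names and the `proc_root` parameter are hypothetical, and the sample tree is constructed so the script runs without root.

```shell
#!/bin/sh
# Added example (POSIX sh). proc_root is a hypothetical parameter so the scan
# can run against a constructed tree; on a real host pass /proc and run as root.

# Print PIDs whose maps file still references a deleted libssl.
stale_libssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue   # process exited, or glob matched nothing
        # The kernel appends " (deleted)" to the path once the upgrade has
        # replaced the file on disk; the process keeps the old code mapped.
        if grep -Eq '/libssl\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            printf '%s\n' "${pid_dir##*/}"
        fi
    done | sort -n
}

# Print "PID<TAB>command" for each stale process, one per line.
report_stale_libssl() {
    proc_root="${1:-/proc}"
    for pid in $(stale_libssl_pids "$proc_root"); do
        name="$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')"
        printf '%s\t%s\n' "$pid" "$name"
    done
}

# Constructed sample: PID 101 was started before the upgrade, PID 202 after.
make_sample_proc() {
    d="$(mktemp -d)"
    mkdir -p "$d/101" "$d/202"
    printf '%s\n' '7f1c2a400000-7f1c2a45c000 r-xp 00000000 08:01 393262 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' > "$d/101/maps"
    printf '%s\n' '7f8e10000000-7f8e1005c000 r-xp 00000000 08:01 393999 /lib/x86_64-linux-gnu/libssl.so.1.0.0' > "$d/202/maps"
    echo apache2 > "$d/101/comm"
    echo nginx > "$d/202/comm"
    printf '%s\n' "$d"
}

sample="$(make_sample_proc)"
report_stale_libssl "$sample"    # tab-separated PID and command
rm -rf "$sample"
```

An empty report after restarting services means no running process still has the pre-upgrade library mapped.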
rcraftemur