Debian has warned of a vulnerability in its cryptographic functions that could leave systems open to attack. UPDATE – many, many sites are reporting on the issue.
Debian said the flaw arises from a change it alone made in the OpenSSL package, suggesting that Linux distributions not derived from Debian are free from the bug. One Reg reader has traced the flaw back to an attempt to silence a warning from a debugging tool. Another has suggested the bug resides within OpenSSL itself and dates from May 2006, a theory we are currently investigating.