The Debian version of the OpenSSL library was the subject of a security breach discovered in late May 2008 generated keys from a much smaller entropy pool than normal.
Read it here
The worst part of this vulnerability is that if you are using distributions other than debian and ubuntu and say i am secure then its not true…because its the nature of diffie hellman keyexchange.
Let me explain this,lets say an vulnerable ubuntu host X exchanges keys with a clean fedora host Y using diffie hellman keyexchange. Even though the fedora is not vulnerable there are chances that secret key exchanged between fedora and ubuntu can be compromised,because an attacker can make a guess on vulnerable ubuntu's secret key 'a' using A(which is easily guessable because of vulnerable openssl ubuntu) .