The bug afflicts version 1.0.1 and 1.0.2-beta releases of OpenSSL, server software that ships with many versions of Linux and is used in popular Web servers, according to the OpenSSL project’s advisory on Monday night.
OpenSSL has released version 1.0.1g to fix the bug, but many Web site operators will have to scramble to update the software.
Note: OpenSSL Version 0.9.8 is not affected by this bug.