I tried fixing the heartbleed bug on my debian installation.
Most of the websites suggest, that updating to the newest Openssl release
fixes the problem.
Howevery, an "apt-get install openssl" did not fix the problem.
The test website http://filippo.io/Heartbleed/ said - still vulnerable, although
the newest openssl release was fetched by the apt command.
I found a more thoroughly explanation of a possible fix at:
http://unix.stackexchange.com/questions/123711/how-do-i-recover-from-th…
But this also does not tell explicitly, which package to update...
Therefore I tell you which one: libssl1.0.0 does the trick...
apt-get install libssl1.0.0
An apt-get update may be wise to get the latest package infos before doing this.
Heise has also an interesting article about the bug at
http://www.heise.de/security/artikel/So-funktioniert-der-Heartbleed-Exp…
However, only in german.
Don't forget that if you have been vulnerable, the keyset (public, private), the
certificate and the passwords should be changed.