Hopefully one of the SuSE gurus will pick this up, check it, package it and release it for the masses.
Of course. We've been at it since Wednesday. Our packages are being tested right now and will most likely be published on Tuesday if not Monday, along with the usual announcement. What the bug itself is concerned: Yes, it is a bug, and it needs to be fixed everywhere. But the conditions under which it is possible to exploit the weakness are somewhat academic: high speed hq network, man-in-the-middle, the same plaintext block that gets transmitted regularly and that the application using SSL doesn't care about corrupted packages. The reason to be fast with it is because of the fact that we're talking openssl, but there is no reason to panic.
Steve
Roman.