And the Lord said, "Thou shalt patch thine servers. Posthaste."
This is the real deal, folks. The general zeitgeist in my sysadmin circles is that this is the most severe, widespread, high-potential-for-damage bug in a decade. If you're running a vulnerable version, you need to assume that your private keys have been compromised. After upgrading to a non-vulnerable OpenSSL version, you will need to regenerate new keys and get new SSL certificates issued and installed.
We have the makings of a canonical question on Heartbleed over on Server Fault. Answers to that question will hopefully cover what needs to be done to respond to the Heartbleed vulnerability.