- If you are using any other version of Bitcoin-Qt/Bitcoin Core, including bitcoind 0.9.0, you are vulnerable only if the rpcssl command-line option is set. If it is not, then no immediate action is required. If it is, and if an attacker could have possibly communicated with the RPC port, then you should consider your wallet to be compromised.
This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.
If you are using a binary version of Bitcoin Core obtained from bitcoin.org or SourceForge, then updating your system's version of OpenSSL will not help. OpenSSL is packaged with the binary on all platforms.
Download 0.9.1
Announcement
Other software (including other wallet software) may also be affected by this bug. OpenSSL is extremely common.