
The vulnerability itself is a design weakness found in the protocol's ability to renegotiate the encryption used in a session after a long-standing connection.
Here is a good write-up and links to some other information regarding the issue.
Stay tuned on this though - and expect many many patches and work-arounds to be issued by vendors.
Comments