Patch All The Things! New "Cupid" Technique Exploits Heartbleed Bug (PCMagazine)

This is what was replaced, AFAIK I'm not running anything tasteless enough to statically link it in (least on Linux, on Windows the story could be worse).

Distribution: openSUSE 13.1
/usr/lib64/libgnutls-xssl.so.0.0.0
/usr/lib64/libgnutls.so.28.25.0

# services holding libgnutls open
for s in xdm dbus; do systemctl restart $s; done

Actually I got lucky, the latest OpenSSL fixes are available, which added wpa_supplicant.service and sshd to the restart list.

Alot of trouble, for a feature I don't knowingly use, some kind of dynamic on-demand loading based system bit like kernel modules, which allowed disabling insecure (or unused) features, would be a nice mitigation. The problem is breaking the "just works" paradigm, though I guess white & black lists where security fixes are pending might not be too awful.