
Sample emergency bump for Gentoo:

Firstly and most importantly: check http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-... to see whether the Gentoo developers have already bumped OpenSSL in the official repository. If so, ignore everything below!

  wget -O /usr/portage/distfiles/openssl-1.0.0i.tar.gz http://www.openssl.org/source/openssl-1.0.0i.tar.gz
  chown portage:portage /usr/portage/distfiles/openssl-1.0.0i.tar.gz
  chmod g+w /usr/portage/distfiles/openssl-1.0.0i.tar.gz
  mkdir -p /usr/local/portage/dev-libs/openssl
  cp /usr/portage/dev-libs/openssl/openssl-1.0.0h.ebuild /usr/local/portage/dev-libs/openssl/openssl-1.0.0i.ebuild
  cp -R /usr/portage/dev-libs/openssl/files /usr/local/portage/dev-libs/openssl/
  ebuild /usr/local/portage/dev-libs/openssl/openssl-1.0.0i.ebuild digest
  emerge -1q =dev-libs/openssl-1.0.0i
  shutdown -r -t 0 now

Skip the first 3 commands when mirrors have the latest OpenSSL tarballs.

Preferably skip the last command and manually restart daemons that rely on OpenSSL. I have used the drastic example of restarting the entire server in case someone blindly follows the above commands without thinking it through carefully.

Note that openssl-1.0.1* is currently masked in Gentoo ~amd64. If you have it unmasked, it should be easy to adjust the above commands to use openssl-1.0.1a instead.
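
For the manual-restart route the comment prefers over a reboot, the script below is an added example, not part of the original comment: it lists running processes that still map the old, now-deleted libssl/libcrypto, by reading `/proc/<pid>/maps`. The function names, the `--scan` argument and the sample mappings are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still holding the pre-upgrade OpenSSL in memory.
# When a package upgrade replaces a shared library, the old file is unlinked
# and the kernel marks existing mappings of it with a trailing " (deleted)".

# Read /proc/<pid>/maps-format lines on stdin and print each distinct
# deleted libssl/libcrypto path once.
stale_openssl_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' |
        sort -u
}

# Walk every readable /proc/<pid>/maps and print: PID, command name, stale libs.
# Run as root to see all processes; unreadable or vanished entries are skipped.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(2>/dev/null stale_openssl_libs < "$maps") || continue
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "$pid" "$name" "$(printf '%s' "$libs" | tr '\n' ' ')"
    done
}

# Constructed sample of a maps file for a daemon started before the upgrade.
sample_maps() {
    cat <<'EOF'
00400000-004f0000 r-xp 00000000 08:01 1311 /usr/sbin/sshd
7f10a0000000-7f10a01b0000 r-xp 00000000 08:01 2201 /usr/lib64/libcrypto.so.1.0.0 (deleted)
7f10a01b0000-7f10a03af000 ---p 001b0000 08:01 2201 /usr/lib64/libcrypto.so.1.0.0 (deleted)
7f10a0400000-7f10a0455000 r-xp 00000000 08:01 2202 /usr/lib64/libssl.so.1.0.0 (deleted)
7f10a0600000-7f10a07a0000 r-xp 00000000 08:01 2300 /lib64/libc-2.14.1.so
7f10a0800000-7f10a0801000 rw-p 00000000 00:00 0
EOF
}

# "--scan" (hypothetical argument of this example) inspects the live system;
# without it the script only defines the functions above.
if [ "${1:-}" = "--scan" ]; then
    scan_running
fi
```

Every process the scan prints needs a restart before it uses the new library; an empty result after restarting the daemons means nothing visible to the scan is still running the old code.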


