I'm not going to rehash everything that's been said about how the vulnerability works, why anyone should patch or what else they need to do - at least not yet.
This post is just a list of resources so I can keep my sanity.
GENERAL
The OpenSSL advisory:
http://www.openssl.org/news/secadv_20140407.txt
An easy way to check for whether heartbeat extensions may be enabled:
openssl s_client -connect <server>:<port> -tlsextdebug | grep -i heartbeat
SANS Webcast covering the vulnerability (9 April 2014, 20.15 EDT):
https://www.sans.org/webcasts/openssl-heartbleed-vulnerability-98105
SANS Webcast "part two" (10 April 2014):
https://www.sans.org/webcasts/heartbleed-vulnerability-2-98130
SANS Webcast on *CLIENT* side exploitation:
https://www.sans.org/webcasts/side-heartbleed-clientside-heartbleed-vulnerabilities-explained-98135
Snort and Suricata rules:
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://blog.inliniac.net/2014/04/08/detecting-openssl-heartbleed-with-suricata/
https://lists.emergingthreats.net/pipermail/emerging-sigs/2014-April/024056.html
LOCAL SCANNERS
An NMAP script to check if a server is vulnerable (note: originally only checked on of the three TLS versions):
http://seclists.org/nmap-dev/2014/q2/att-25/ssl-heartbleed.nse
A MetaSploit module:
http://www.rapid7.com/db/modules/auxiliary/scanner/ssl/openssl_heartbleed
Even better, a MetaSploit module for exploiting clients:
http://www.rapid7.com/db/modules/auxiliary/server/openssl_heartbeat_client_memory
A scanner I've been really pleased with:
https://gist.github.com/takeshixx/10107280
Another python-based scanner, checks all TLS versions:
https://gist.github.com/jpicht/10114168
*Another* python-based scanner, this time for checking your clients:
https://github.com/Lekensteyn/pacemaker
Another server scanner my co-workers have been really pleased with:
https://github.com/FiloSottile/Heartbleed
An excellent, fast server scanner called masscan now has heartbleed support:
https://github.com/robertdavidgraham/masscan
WEB-BASED SCANNERS
Enter your server's <host>.<domain> to see if it is vulnerable:
http://filippo.io/Heartbleed/
This one, courtesy of Qualys, gives a really nice health check:
https://www.ssllabs.com/ssltest/
OS Advisories And Updates
Ubuntu
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-
Debian
https://security-tracker.debian.org/tracker/CVE-2014-0160
RHEL
http://rhn.redhat.com/errata/RHSA-2014-0376.html
CentOS
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
Gentoo
http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml
Cygwin (okay, not a distribution, but they were second only behind Gentoo in patching)
http://cygwin.com/packages/
FreeBSD
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc