This is one for the books. Several OpenSSL implementations, including Denbian and its children, including Ubuntu, have been crippled since September 2006. It's described on the metasploit web site
The pseudo-random number generator (PRNG) was broken such that it only used the Unix process ID as the unchanging random input to the generator process. In other words, these security packages could not generate more than 32,768 different keys (since there were only 32,768 different process IDs on Unix).