But this time it's not the implementation, it's the protocol.
Check this out for a description:
http://lasecwww.epfl.ch/memo_ssl.shtml
There's a little more general information found in links on Slashdot's story here.
Don't rush out and replace your sshd, though. This attack apparently only affects the web-implementations (webmail, etc) of SSH. We'll see...