“Suggestions by Yahoo and the BBC that people should change their passwords at once—the typical reaction to a security breach—could make the problem worse if the web server hasn’t been updated to fix the flaw…”
In short, it’s a website server problem so there is little users can do about it until it is patched as, if it’s valunerable, you risk giving away your new password.
Update: Which sites have been patched, which passwords to change (cnet.com).
The Webcomic xkcd has a great graphic showing how the Heartbleed bug works (xkcd.com).