An update for OpenSSL was just released to address various security vulnerabilities (low to moderate risk) and it is recommended that you update as soon as possible.
Based on your operating system distro / control panel, the update should be available in the repository in the near future.
The following issues were addressed in this update:
[1] DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
[2] DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
[3] no-ssl3 configuration sets method to NULL (CVE-2014-3569)
[4] ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
[5] RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
[6] DH client certificates accepted without verification [Server] (CVE-2015-0205)
[7] Certificate fingerprints can be modified (CVE-2014-8275)
[8] Bignum squaring may produce incorrect results (CVE-2014-3570)
Following are the version update detail:
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
For detailed information about this update, please refer their official release note from the following URL: