We’ve just released security updates to OpenSSL 0.9.8, 1.0.0, 1.0.1, and 1.0.2.
These updates fix a number of Moderate and Low severity security issues in OpenSSL. They also fix one new High severity issue, CVE-2015-0291, which affects only OpenSSL 1.0.2, released in January this year. A remote attacker could use this flaw to crash unpatched servers, which could lead to a denial-of-service attack depending on the server.
The reporter of CVE-2015-0291 has created a private exploit for this issue, but we’re not aware of any public exploitation at this time. The number of targets will be limited, as OpenSSL 1.0.2 was only released a few months ago.