As announced earlier this week,OpenSSLreleased an update today for all currently supported versions (1.0.1, 1.0.2, 1.1.0).
The update fixes 14 different vulnerabilities. Only one vulnerability is rated High. This vulnerability,CVE-2016-6304, can lead to memory exhaustion and a denial of service if the client sends multiple largeOCSP">OCSP">">">SWEET32">">OOB write in">">MalformedSHA512">">">">Pointer arithmetic undefinedbehaviour">">">">">">">">Excessive allocation of memory in">">">x
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.