OpenSSL's TLS server code has now been patched to fix a critical flaw that could be used to remotely execute code or cause an application to crash.
The vulnerability was found in OpenSSL's TLS server extension parsing code and could be exploited in a buffer overrun attack.
All versions of OpenSSL supporting TLS extensions are affected, including OpenSSL 0.9.8f to 0.9.8o, 1.0.0 and 1.0.0a releases, according to an OpenSSL security advisory.
"Any OpenSSL-based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism," the advisory said. "Servers that are multi-process and/or disable internal session caching are NOT affected."
Apache HTTP server and Stunnel are not affected, according to the OpenSSL team.
The security response team at Red Hat, which uses OpenSSL in Enterprise Red Hat Linux, rated the flaw as 'important'.
"It may be possible for a remote attacker to trigger this race condition and cause such an application to crash, or possibly execute arbitrary code with the permissions of the application," said a Red Hat security advisory.
Users of all OpenSSL 0.9.8 releases from 0.9.8f to 0.9.8o should update to the OpenSSL 0.9.8p release, which contains a patch to correct the issue.
Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release, which also contains a patch.
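The affected ranges and exposure conditions above can be turned into an inventory check. The following is an added example, not code from the OpenSSL or Red Hat advisories; the function names, status labels and sample inventory are assumptions made for illustration.

```python
import re

# Affected ranges and fixed releases as listed in the article:
# base version -> (first affected letter, last affected letter, fixed release)
AFFECTED = {"0.9.8": ("f", "o", "0.9.8p"), "1.0.0": ("", "a", "1.0.0b")}
VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(-[\w.-]+)?")


def _rank(letter):
    # OpenSSL patch letters sort "" < a < ... < z < za < zb ...
    return (len(letter), letter)


def parse_version(text):
    """Split e.g. 'OpenSSL 0.9.8k' into ('0.9.8', 'k', None)."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2), m.group(3)


def triage(version_text, multi_threaded=True, internal_session_cache=True):
    """Return (status, fixed_release) for one server (hypothetical labels)."""
    base, letter, tag = parse_version(version_text)
    rng = AFFECTED.get(base)
    if rng is None or not _rank(rng[0]) <= _rank(letter) <= _rank(rng[1]):
        return ("not-listed", None)
    first, last, fixed = rng
    if tag:
        # Vendor or pre-release build (e.g. "-fips"): distributions often
        # backport fixes without changing the upstream version, so the
        # version string alone is not conclusive.
        return ("review-manually", fixed)
    if not (multi_threaded and internal_session_cache):
        # Advisory: multi-process servers and servers with internal session
        # caching disabled are not affected; upgrading is still advised.
        return ("affected-version-not-exposed", fixed)
    return ("vulnerable", fixed)


if __name__ == "__main__":
    # Constructed inventory: (version string, multi-threaded?, internal cache?)
    inventory = [("OpenSSL 0.9.8k", True, True), ("OpenSSL 1.0.0a", False, True),
                 ("OpenSSL 0.9.8o-fips", True, True), ("OpenSSL 1.0.0b", True, True)]
    for ver, mt, cache in inventory:
        print(ver, "->", triage(ver, mt, cache))
```

The version string is what the `openssl version` command reports; whether a server is multi-threaded and uses the internal session cache has to come from its own configuration.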