OpenSSL has now been patched to fix a critical flaw that could be used to execute code remotely or to crash an application.
The vulnerability lies in the TLS server extension parsing code of OpenSSL and could be exploited as a buffer overrun.
All versions of OpenSSL supporting TLS extensions are affected, including OpenSSL 0.9.8f to 0.9.8o, 1.0.0 and 1.0.0a releases, according to an OpenSSL security advisory.
"Any OpenSSL-based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism," the advisory said. "Servers that are multi-process and/or disable internal session caching are NOT affected."
Apache HTTP server and Stunnel are not affected, according to the OpenSSL team.
The security response team at Red Hat, which ships OpenSSL in Red Hat Enterprise Linux, rated the flaw as 'important'.
"It may be possible for a remote attacker to trigger this race condition and cause such an application to crash, or possibly execute arbitrary code with the permissions of the application," said a Red Hat security advisory.
Users of all OpenSSL 0.9.8 releases from 0.9.8f to 0.9.8o should update to the OpenSSL 0.9.8p release, which contains a patch correcting the issue.
Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release, which also contains the patch.
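The advisory gives two affected ranges with OpenSSL's letter-suffix versioning (0.9.8f to 0.9.8o; 1.0.0 and 1.0.0a), which is easy to misread when auditing a fleet by hand. The following is an added example, not code from the article or from the OpenSSL project: it parses the output of `openssl version` (or a bare version string) and reports whether the install falls in an affected range and which release fixes it. The function names, the sample strings and the `_VERSION_RE` pattern are this example's own assumptions. It checks the version only; whether a given server is actually exposed also depends on the advisory's other conditions (multi-threaded, internal session cache enabled), which have to be judged per application.

```python
import re

# Affected ranges and fixed releases as stated in the advisory quoted above.
# OpenSSL 0.9.x/1.0.x bug-fix releases append a letter ('' < 'a' < 'b' < ...),
# so a plain tuple comparison on (major, minor, fix, letter) orders them correctly.
AFFECTED_RANGES = [
    ((0, 9, 8, "f"), (0, 9, 8, "o")),   # 0.9.8f .. 0.9.8o inclusive
    ((1, 0, 0, ""),  (1, 0, 0, "a")),   # 1.0.0 and 1.0.0a
]
FIXED_RELEASE = {(0, 9, 8): "0.9.8p", (1, 0, 0): "1.0.0b"}

# Assumed pattern: three dotted numbers followed by an optional letter suffix.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Extract an OpenSSL version tuple from 'openssl version' output.

    Returns (major, minor, fix, letter) or None when no version is present.
    Trailing build dates or '-fips' style suffixes are ignored.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)


def is_affected(text):
    """True if the version in `text` lies inside one of the advisory's ranges."""
    v = parse_version(text)
    if v is None:
        raise ValueError("no OpenSSL version found in: %r" % text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def recommended_update(text):
    """Fixed release an affected install should move to, or None if not affected."""
    v = parse_version(text)
    if v is None or not is_affected(text):
        return None
    return FIXED_RELEASE[v[:3]]


if __name__ == "__main__":
    # Constructed sample strings in the shape 'openssl version' prints.
    for sample in ("OpenSSL 0.9.8o", "OpenSSL 0.9.8p", "OpenSSL 1.0.0a", "OpenSSL 1.0.1"):
        status = "update to %s" % recommended_update(sample) if is_affected(sample) else "not affected"
        print("%-16s %s" % (sample, status))
```

Run it on a host with `openssl version | python3 check.py`-style piping adapted to your inventory tooling, or feed it version strings collected from package managers; a version below 0.9.8f or above 1.0.0b reports as not affected, and anything inside the ranges names the release to move to.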