The OpenSSL Project has released several security fixes for the tool, although fears of a Heartbleed-level flaw have proved unfounded.
The project announced the update in a public statement, revealing two 'high priority' fixes, nine 'moderate priority' fixes and three 'low priority' fixes.
The first of the high priority issues relates to the risk of a denial of service (DoS) attack and is named CVE-2015-0291.
"If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server," it said.
"This issue affects OpenSSL version: 1.0.2. OpenSSL 1.0.2 users should upgrade to 1.0.2a."
The second major fix - CVE-2015-0204 - is perhaps more notable, as it concerns the recent Freak flaw which, while already known about by the OpenSSL Foundation, has now been discovered to affect more systems than originally known.
"This was classified low because it was originally thought that server RSA export cipher suite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export cipher suite," it said.
"Recent studies have shown that RSA export cipher suites support is far more common."
Ken Westin, senior security analyst at Tripwire, said that, while the fixes were important, there would no doubt be relief there was no major security flaw revealed.
"The security community appears to have dodged a bullet with regards to these vulnerabilities. Where many were expecting something along the same lines as Heartbleed, the vulnerabilities announced with a high severity rating will not have a significant impact," he said.
"The CVE-2015-0291 vulnerability could cause a disruption of services, but only in very rare occurrences where a server requests a certificate from a client, something that would happen in rare implementations."
Despite the fact the flaws are not on the scale of something like Heartbleed, Trey Ford, global security strategist for Rapid7, said crooks would still look to exploit them, so firms must patch their systems promptly.
"We expect to see corresponding attack code quickly built by those reverse engineering the published patches - steps to push these fixes to internet exposed systems should be prioritized," he said.
"Export ciphers are overdue for retirement, and organizations using them should look for ways to upgrade to more stringent encryption standards."
Earlier in March, Cryptography Services researchers announced plans to launch a huge independent audit of OpenSSL security as part of a wider push by the Linux Foundation to improve open source projects' cyber defences.
Last week, IBM researchers highlighted developers' and businesses' poor patch practices as a major factor contributing to a 20 percent increase in data breaches over the past year.