Debian Linux Security Advisory 2390-1 - Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.) Various other issues were also addressed.
1bd9dd54ebd2b8dd8949d61a5c6e4677ff00eb13c0570952b6ac1337b614615a