Gentoo Linux Security Advisory GLSA 200610-11 - Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. Versions less than 0.9.8d are affected.
6eb84f83cecf5e8602848cab7ce13b32b8293f9f3b11438c365eb87466681a8a