Description: Multiple security bugs have been fixed in the latest releases of OpenSSL.
- fixed carry propagating bug in the x86_64 Montgomery squaring procedure
- fixed bug with bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash
Affected versions: OpenSSL 1.1.0x and 1.0.2x
- OpenSSL 1.1.0 users should upgrade to 1.1.0d
- OpenSSL 1.0.2 users should upgrade to 1.0.2k