OpenSSL buffer overflow vulnerability

http://www.openssl.org/news/secadv_20101116.txt

"All versions of OpenSSL supporting TLS extensions contain this
vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a
releases.

Any OpenSSL based TLS server is vulnerable if it is multi-threaded and
uses OpenSSL's internal caching mechanism. Servers that are
multi-process and/or disable internal session caching are NOT affected.

In particular the Apache HTTP server (which never uses OpenSSL internal
caching) and Stunnel (which includes its own workaround) are NOT affected."

The source for the new versions can be found here.

http://www.openssl.org/source/