OpenSSL has released security updates to address several vulnerabilities that impact previous versions of OpenSSLÂ 1.1.0 and 1.0.2.Â
One of the vulnerabilities (CVE-2018-0739) could result in denial of service (DoS) condition if exploited:Â
 “Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe,” according to the advisory.Â
Another moderate severity vulnerability (CVE-2018-0733) was also addressed related to an implementation bug (CVE-2017-3738) in the PA-RISC CRYPTO_memcmp function, as well as a low severity overflow bug.Â
OpenSSL 1.1.0 and OpenSSL 1.0.2 users should upgrade to latest OpenSSL versions 1.1.0h and 1.0.2o respectively.