OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)and Transport Layer Security (TLS v1) protocols, as well as afull-strength, general purpose cryptography library.A flaw was found in the way OpenSSL determined which hashing algorithm touse when TLS protocol version 1.2 was enabled. This could possibly causeOpenSSL to use an incorrect hashing algorithm, leading to a crash of anapplication using the library. (CVE-2013-6449)It was discovered that the Datagram Transport Layer Security (DTLS)protocol implementation in OpenSSL did not properly maintain encryption anddigest contexts during renegotiation. A lost or discarded renegotiationhandshake packet could cause a DTLS client or server using OpenSSL tocrash. (CVE-2013-6450)A NULL pointer dereference flaw was found in the way OpenSSL handledTLS/SSL protocol handshake packets. A specially crafted handshake packetcould cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)All OpenSSL users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. For the update to takeeffect, all services linked to the OpenSSL library must be restarted, orthe system rebooted.