OpenSSL has been updated to fix several security issues:
* CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL
compression by default. Setting the environment variable
'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be used by physically
local attackers to gain access to transmitted plain text or private
keymaterial. This issue is also known as the 'Lucky-13' issue.
* CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Security Issue references:
* CVE-2013-0169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169>
* CVE-2013-0166
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>