- Security fix: change behavior of OpenSSL to avoid using environment variables when running as root. - Security fix: check the result of RSA-CRT to reduce the possibility of deducing the private key from an incorrectly calculated signature. - Security fix: prevent Bleichenbacher's DSA attack. - Security fix: Zero the premaster secret after deriving the master secret in DH ciphersuites. complete announcement available at: http://www.openssl.org/news/announce.html