- Security fix: change behavior of OpenSSL to avoid using environment
variables when running as root.
- Security fix: check the result of RSA-CRT to reduce the possibility
of deducing the private key from an incorrectly calculated signature.
- Security fix: prevent Bleichenbacher's DSA attack.
- Security fix: Zero the premaster secret after deriving the master
secret in DH ciphersuites.
complete announcement available at: