From OpenSSL advisory: A significant flaw in the PRNG implementation for the OpenSSL FIPS Object Module v1.1.1 (certificate #733, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733) has been reported by Geoff Lowe of Secure Computing corporation. Due to a coding error in the FIPS self-test the auto-seeding never takes place. That means that the PRNG key and seed used correspond to the last self-test. The FIPS PRNG gets additional seed data only from date-time information, so the generated random data is far more predictable than it should be, especially for the first few calls (CVE-2007-5502). Note that this PRNG bug is only present in the v1.1.1 implementation and not in the regular OpenSSL product or in the OpenSSL FIPS Object Module v1.2 now undergoing validation testing. Only those applications using v1.1.1 of the OpenSSL FIPS Object Module which enter FIPS mode are affected. Applications which do not enter FIPS mode or which use any other version of OpenSSL are not affected. Bugs like this in open source software are routinely found and corrected with a patch and/or updated source distribution. In this case two different such fixes have been developed by Dr Stephen Henson <steve-at-openssl.org>: http://www.openssl.org/news/patch-CVE-2007-5502-1.txt (the simplest direct fix) and: http://www.openssl.org/news/patch-CVE-2007-5502-2.txt (a workaround which avoids touching the PRNG code directly). However, for FIPS 140-2 validated software no changes are permitted without prior CMVP approval. In consultation with the CMT test lab we will be submitting a "letter change" update request to the CMVP for the latter of these two patches. This latter patch also addresses a minor issue with the continuous PRNG self test. Once (and if) approved the new distribution containing this patch will be posted to replace the current distribution at http://openssl.org/source/openssl-fips-1.1.1.tar.gz.
If it really affects only FIPS certified versions of OpenSSL then we are not vulnerable at all. We do not ship certified version of OpenSSL.
now public, removing embargo http://www.openssl.org/news/secadv_20071129.txt