A flaw was found in the way that OpenSSL handled OCSP response verification, which could be exploited to conduct a denial of service attack. This flaw affects all versions of OpenSSL and is fixed in versions 1.0.1d, 1.0.0k, and 0.9.8y.

External References: http://www.openssl.org/news/secadv_20130205.txt

Upstream commits:
0.9.8: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=66e8211c0b1347970096e04b18aa52567c325200
1.0.0: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
1.0.1: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
openssl-1.0.1e-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6. Via RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html
openssl-1.0.0k-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: RHEV-H and Agents for RHEL-6. Via RHSA-2013:0636 https://rhn.redhat.com/errata/RHSA-2013-0636.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 5.2.0. Via RHSA-2013:0783 https://rhn.redhat.com/errata/RHSA-2013-0783.html
This issue has been addressed in the following products: JBoss Enterprise Web Platform 5.2.0. Via RHSA-2013:0782 https://rhn.redhat.com/errata/RHSA-2013-0782.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 6.1.0. Via RHSA-2013:0833 https://rhn.redhat.com/errata/RHSA-2013-0833.html
This issue has been addressed in the following products: Red Hat JBoss Web Server 2.0.1. Via RHSA-2013:1013 https://rhn.redhat.com/errata/RHSA-2013-1013.html