Red Hat's security team rates the vulnerability 'important'. The OpenSSL library has been patched to fix a flaw in its TLS server code that can be used to crash an application or, potentially, to execute code remotely (the fixed releases are OpenSSL 0.9.8p and 1.0.0b).
The vulnerability lies in the TLS server's extension parsing code, where a buffer overrun can be triggered by a remote client during the handshake.

All versions of OpenSSL that support TLS extensions are affected, including the 0.9.8f to 0.9.8o releases and 1.0.0 and 1.0.0a, according to the OpenSSL security advisory.

"Any OpenSSL-based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism," the advisory said. "Servers that are multi-process and/or disable internal session caching are NOT affected."

Apache HTTP Server and Stunnel are not affected, according to the OpenSSL team.
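The advisory gives two separate conditions, an affected version range and a server profile (multi-threaded plus OpenSSL's internal session cache), and both must hold for a server to be exposed. The script below is an added example, not code from the article or from the OpenSSL project: it parses OpenSSL's letter-suffixed version strings, checks them against the affected range quoted above, and combines that with the two deployment conditions. The `server_exposed` helper and the sample version strings are constructed for illustration; the fixed-release letters are taken from the OpenSSL advisory.

```python
"""Classify an OpenSSL build against the TLS-extension parsing advisory.

Added example: the affected ranges are those quoted in the article
(0.9.8f-0.9.8o, 1.0.0 and 1.0.0a); the fixed releases are 0.9.8p and 1.0.0b.
"""
import re
import ssl

# (base version, first affected letter, last affected letter).
# An empty letter means the bare release, e.g. "1.0.0" with no suffix.
AFFECTED_RANGES = [
    ((0, 9, 8), "f", "o"),
    ((1, 0, 0), "", "a"),
]

# First patched letter release for each affected branch.
FIXED_LETTER = {(0, 9, 8): "p", (1, 0, 0): "b"}

# OpenSSL versions look like "OpenSSL 1.0.0a 1 Jun 2010"; betas ("1.0.0-beta5")
# parse with an empty letter and are treated as the bare release, which the
# advisory also lists as affected.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return (major, minor, fix, letter) from an OpenSSL version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def version_from_ssl_module():
    """Convert ssl.OPENSSL_VERSION_INFO (major, minor, fix, patch, status)
    into the same tuple shape, mapping patch 1 -> 'a', 2 -> 'b', ..."""
    major, minor, fix, patch, _status = ssl.OPENSSL_VERSION_INFO
    letter = chr(ord("a") + patch - 1) if patch else ""
    return (major, minor, fix, letter)


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges.

    Letter suffixes sort lexically, so "" < "a" < "b" ... which matches
    OpenSSL's release ordering within a branch.
    """
    major, minor, fix, letter = version
    for base, lo, hi in AFFECTED_RANGES:
        if (major, minor, fix) == base and lo <= letter <= hi:
            return True
    return False


def fixed_release(version):
    """Name the first patched release on the same branch, or None if the
    branch is not one the advisory covers."""
    major, minor, fix, _letter = version
    base = (major, minor, fix)
    if base not in FIXED_LETTER:
        return None
    return "%d.%d.%d%s" % (major, minor, fix, FIXED_LETTER[base])


def server_exposed(version, multithreaded, internal_session_cache):
    """Hypothetical helper: apply the advisory's server profile.

    A server is exposed only if it runs an affected version AND is
    multi-threaded AND relies on OpenSSL's internal session cache.
    Multi-process servers, or servers that disable the internal cache,
    are not exposed even on an affected version.
    """
    return is_affected(version) and multithreaded and internal_session_cache


def classify(version_string, multithreaded, internal_session_cache):
    """Return a short verdict for a version string and deployment profile."""
    v = parse_version(version_string)
    if not is_affected(v):
        return "not affected"
    if not server_exposed(v, multithreaded, internal_session_cache):
        return "affected version, but deployment profile is not exposed; upgrade to %s" % fixed_release(v)
    return "exposed; upgrade to %s or disable the internal session cache" % fixed_release(v)


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    for s in ("OpenSSL 0.9.8o 01 Jun 2010", "OpenSSL 1.0.0a 1 Jun 2010",
              "OpenSSL 0.9.8p 16 Nov 2010", "OpenSSL 1.0.0b 16 Nov 2010"):
        print(s, "->", classify(s, multithreaded=True, internal_session_cache=True))
    print("this interpreter links", ssl.OPENSSL_VERSION, "->",
          "affected" if is_affected(version_from_ssl_module()) else "not affected")
```

Note that the version check alone overstates exposure: a multi-process server such as Apache HTTP Server is not exposed even on an affected build, which is why `server_exposed` requires all three conditions. The cheap operational mitigation while a build is pending is to disable OpenSSL's internal session cache; the durable fix is the patched release.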