The patches address security issues in OpenSSL that were outlined on our site last month, and originally published by NISCC on Sept. 30. Fixes for these problems are available in the latest versions of OpenSSL (0.9.6k and 0.9.7c).

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library.

Topically, the host involved in todays fraud attack on National Westminster was, according to the published Apache module line running a vulnerable version of OpenSSL.