The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
marc.info/?l=bugtraq&m=132750648501816&w=2
marc.info/?l=bugtraq&m=133951357207000&w=2
marc.info/?l=bugtraq&m=134039053214295&w=2
rhn.redhat.com/errata/RHSA-2012-1306.html
rhn.redhat.com/errata/RHSA-2012-1307.html
rhn.redhat.com/errata/RHSA-2012-1308.html
secunia.com/advisories/48528
secunia.com/advisories/55069
secunia.com/advisories/57353
support.apple.com/kb/HT5784
www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
www.debian.org/security/2012/dsa-2390
www.kb.cert.org/vuls/id/737740
www.mandriva.com/security/advisories?name=MDVSA-2012:006
www.mandriva.com/security/advisories?name=MDVSA-2012:007
www.openssl.org/news/secadv_20120104.txt