OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

An attacker using a carefully crafted handshake can force
the use of weak keying material in OpenSSL SSL/TLS clients
and servers. This can be exploited by a Man-in-the-middle
(MITM) attack where the attacker can decrypt and modify
traffic from the attacked client and server. [CVE-2014-0224]
By sending an invalid DTLS handshake to an OpenSSL DTLS
client the code can be made to recurse eventually crashing
in a DoS attack. [CVE-2014-0221]
A buffer overrun attack can be triggered by sending invalid
DTLS fragments to an OpenSSL DTLS client or server. This is
potentially exploitable to run arbitrary code on a vulnerable
client or server. [CVE-2014-0195]
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are
subject to a denial of service attack. [CVE-2014-3470]