The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
secunia.com/advisories/57353
support.apple.com/kb/HT5784
www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
www.mandriva.com/security/advisories?name=MDVSA-2011:137
www.securitytracker.com/id?1026012
bugzilla.redhat.com/show_bug.cgi?id=736079
cvs.openssl.org/chngview?cn=21337
marc.info/?l=bugtraq&m=132750648501816&w=2
marc.info/?l=bugtraq&m=133226187115472&w=2
openssl.org/news/secadv_20110906.txt