An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.
bugzilla.redhat.com/show_bug.cgi?id=1369855
www.openssl.org/news/secadv/20160922.txt