This update of openssl fixes the following denial of
- Denial of Service via CBC mode handling.
<<a rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333</a>
- A deadlock condition introduced by the previous
memory leak fix due to entering a lock twice. This would
only happen in multithreaded programs.
In addition, openssl's cms subcommand (Crypthographic
Message Syntax) has been enabled.