[2/5] OpenSSL FIPS Object Module PRNG Security Issue
Description:
A security issue has been reported in OpenSSL, which can potentially be exploited by malicious people to bypass certain security restrictions.

The security issue is caused by an error in the implementation of the Pseudo Random Number Generator (PRNG), where a PRNG key and seed are used that correspond to the last FIPS self-test. This leads to predictable generated random data and may weaken the security of applications relying on the module.

The security issue affects version 1.1.1.

Solution:
The vendor has issued two patches that demonstrate fixes for the security issue.

http://www.openssl.org/news/patch-CVE-2007-5502-1.txt
http://www.openssl.org/news/patch-CVE-2007-5502-2.txt

The vendor recommends waiting for official approval of a patched distribution. No changes are permitted for FIPS 140-2 validated software without prior official approval.

Provided and/or discovered by:
The vendor credits Geoff Lowe of Secure Computing Corporation.

Original Advisory:
http://www.openssl.org/news/secadv_20071129.txt
Original post by nitish
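The class of flaw described above can be caught with a start-up regression check. The following is an added example, not code from OpenSSL or from the advisory: `ToyPRNG` is a hypothetical HMAC-SHA256 stand-in for the module's generator, and the self-test key and seed are constructed values, not real test vectors.

```python
import hashlib
import hmac
import os

# Constructed self-test inputs (assumption: not OpenSSL's real test vectors).
KAT_KEY = bytes(range(16))
KAT_SEED = bytes(range(16, 32))


class ToyPRNG:
    """Hypothetical keyed, seeded generator standing in for the real one."""

    def __init__(self):
        self.key = self.seed = None

    def set_state(self, key, seed):
        self.key, self.seed = key, seed

    def generate(self, n=16):
        out = hmac.new(self.key, self.seed, hashlib.sha256).digest()
        # Advance the seed so successive calls return different blocks.
        self.seed = hashlib.sha256(self.seed + out).digest()[:16]
        return out[:n]

    def self_test(self):
        """Known-answer style test: fixed key and seed must be deterministic."""
        self.set_state(KAT_KEY, KAT_SEED)
        first = self.generate()
        self.set_state(KAT_KEY, KAT_SEED)
        return first == self.generate()


def init_flawed():
    """Models the flaw: the self-test key and seed stay as the live state."""
    g = ToyPRNG()
    if not g.self_test():
        raise RuntimeError("PRNG self-test failed")
    return g


def init_fixed():
    """Replaces the self-test state with fresh OS entropy before use."""
    g = init_flawed()
    g.set_state(os.urandom(16), os.urandom(16))
    return g


def streams_collide(init, instances=4, blocks=3):
    """True if any two freshly initialised generators emit the same stream."""
    streams = {tuple(g.generate() for _ in range(blocks))
               for g in (init() for _ in range(instances))}
    return len(streams) < instances
```

Running `streams_collide` against the module's real initialisation path, across separate processes, is the equivalent check in a deployment.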