OpenSSL has the patches for six flaws including two high-severity bugs that could allow attackers to decrypt HTTPS traffic and execute malicious code on the server. The Padding Oracle flaw allows an attacker to repeatedly probe an encrypted payload in the attempt to retrieve the plaintext. The second bug ( CVE-2016-2108) is a buffer overflow vulnerability in the OpenSSL that only affects OpenSSL versions prior to April 2015. The flaw can be triggered by using maliciously-crafted digital certificates signed by trusted certificate authorities.”]
Source: http://securityaffairs.co/wordpress/47016/hacking/openssl-secere-flaws.html