The maintainers of OpenSSL have released a fix for two high-severity security flaws in the software. The flaws could be exploited to carry out denial-of-service (DoS) attacks and to bypass certificate verification. Both flaws have been resolved in an update (version OpenSSL 1.1k) released on Thursday. Neither of the issues affects any version of the software that has been out of support since January 1, 2020. Applications that rely on a vulnerable version are advised to apply the patches to mitigate the risk.
Source: https://thehackernews.com/2021/03/openssl-releases-patches-for-2-high.html