OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q. An attacker could exploit this vulnerability to obtain sensitive information.
CERT Bulgaria recommends users and administrators to review the OpenSSL Security Advisory and apply the necessary update.
OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support
for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th
September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.