Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked in an error state, causing data to be passed without being decrypted or encrypted directly from the SSL/TLS record layer. CVE-2017-3738 It was discovered that OpenSSL contains an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171207.txt