Subject: OpenSSL NULL-pointer dereference vulnerability

A missing check for a NULL-pointer dereference has been found in
the OpenSSL library.  A remote attacker can use the bug against a
server to cause the OpenSSL application to crash.  This may lead
to a denial of service.

The problem is fixed in OpenBSD-current as well as the 3.4-stable
and 3.3-stable branches.

Patches are available from:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/016_openssl.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch

For more information, see:
    http://www.openssl.org/news/secadv_20040317.txt