Aging and bloated OpenSSL is purged of 2 high-severity bugs
Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credentials or execute malicious code on Web servers.
The updates were released Tuesday morning for both versions 1.0.1 and 1.0.2 of OpenSSL, which a large portion of the Internet relies on to cryptographically protect sensitive Web and e-mail traffic using the transport layer security protocol. OpenSSL advisories labeled the severity of both vulnerabilities "high," meaning the updates fixing them should be installed as soon as possible. The fixes bring the latest supported versions to 1.0.1t and 1.0.2h.
These bugs also affect LibreSSL, see http://www.undeadly.org/cgi?action=a...20160503153036
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump