The driver has been updated with OpenSSL library version 1.0.2n, which addresses the following security vulnerabilities:
- rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
- Read/write after SSL object in error state (CVE-2017-3737)
- bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
- Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Version 1.0.2n also addresses the following vulnerabilities resolved by earlier versions of the library.
For more information on the OpenSSL vulnerabilities resolved by this upgrade,
refer to the corresponding OpenSSL announcements at