A remotely exploitable OpenSSL/LibreSSL vulnerability

The OpenSSL project has disclosed avulnerability wherein an attacker presenting a malicious certificatecan cause the execution of an infinite loop. It is thus adenial-of-service vulnerability for any application - server or client -that handles certificates from untrusted sources. The OpenSSL 3.0.2 and1.1.1n releases contain fixes for the problem. This advisory makes it clear that LibreSSL,too, suffers from this vulnerability; updated releases are available there too.