It seems that ever since the Heartbleed bug was published earlier this Spring, OpenSSL just hasn't been able to catch a break. Today, it was announced that seven additional vulnerabilities had been discovered affecting OpenSSL 0.9.8, 1.0.0, 1.0.1, and 1.0.2 (meaning all versions, basically).

At least one of the bugs, a man-in-the-middle attack referred to as CCS injection (detailed here and here), has been dubbed "serious" by the team. Updated versions of OpenSSL have been published today patching these vulnerabilities, including new versions of OpenSSL 0.9.8, 1.0.0, and 1.0.1. The 1.0.2 beta release has not been updated and is still currently vulnerable.

Anyone running an affected version is advised to upgrade as soon as possible, though that's probably self-explanatory at this point.

OpenSSL via CloudFare