Patches are now available for these issues.
The main issue is CVE-2015-0291, a denial-of-service attack against systems running OpenSSL 1.0.2. Not sure if many systems at this stage would be on that version, but maybe there are.
- If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.
- Exploit proof-of-concept code has not been published.
The other issue ranked high is the FREAK vulnerability; the recommendation is to upgrade to 1.0.1k, 1.0.0p, or 0.9.8zd, depending on the starting version.
The other vulnerabilities listed are nine ranked moderate and three ranked low; these also affect older versions and have been patched in newer versions.
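
As an added example (not code from the OpenSSL project or the advisory), the following sketch checks an `openssl version` banner against the releases named above: the base 1.0.2 release for CVE-2015-0291 and the per-branch minimums 1.0.1k, 1.0.0p and 0.9.8zd for FREAK. The function names and sample banners are constructed for illustration, and treating lettered 1.0.2 releases as patched is an assumption.

```python
import re

# Minimum fixed release per branch, as listed on this page for FREAK.
FREAK_FIXED = {"1.0.1": "k", "1.0.0": "p", "0.9.8": "zd"}

_BANNER = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(-[\w.]+)?")


def parse(banner):
    """Split an `openssl version` banner into (branch, letters, tag)."""
    m = _BANNER.search(banner)
    if m is None:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    return m.group(1), m.group(2), m.group(3) or ""


def letter_key(letters):
    """Order patch letters: '' < a..z < za, zb, ... (length first, then text)."""
    return (len(letters), letters)


def assess(banner):
    """Return (findings, needs_vendor_check) for one version banner."""
    branch, letters, tag = parse(banner)
    findings = []
    # Assumption: only the base 1.0.2 release is flagged; lettered 1.0.2
    # releases are taken to include the patch.
    if branch == "1.0.2" and letters == "":
        findings.append("CVE-2015-0291")
    # Branches the page does not list produce no FREAK finding.
    fixed = FREAK_FIXED.get(branch)
    if fixed is not None and letter_key(letters) < letter_key(fixed):
        findings.append("FREAK")
    # A build tag such as -fips may indicate a vendor build, where fixes
    # can be backported without changing the letter.
    return findings, bool(tag)


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    for sample in ("OpenSSL 1.0.2", "OpenSSL 1.0.1j", "OpenSSL 0.9.8zd",
                   "OpenSSL 1.0.1e-fips"):
        print(sample, "->", assess(sample))
```

When the second value is true, confirm the result against the vendor's own advisory, because a packaged build can carry the fix under an older version letter.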