The OpenBSD project has published a portable release of LibreSSL 3.2.5, which develops a fork of OpenSSL aimed at providing a higher level of security. The new version fixes a bug in the implementation of the TLS client that resulted in accessing an already freed memory block (use-after-free) when performing a session resumption operation. The OpenBSD developers acknowledged that the bug leads to a vulnerability, but refrained from publishing details, confining themselves to a patch. Information about the possibility of organizing a remote attack is not yet available. It is possible that the vulnerability is related to the problem that led to crashes, which the developers of the haproxy project warned about in February.
Source: opennet.ru