A major OpenSSL vulnerability has been disclosed (the cross-protocol attack known as DROWN) that allows an attacker to decrypt recorded TLS sessions by using a server that still speaks SSLv2 and offers EXPORT cipher suites as a Bleichenbacher RSA padding oracle. The victim connection itself need not use SSLv2: TLS traffic to an otherwise securely configured server can be decrypted if that server shares its RSA key with any host that accepts SSLv2 connections. The report also notes that a failed exploitation attempt may crash the target, resulting in a denial of service.
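The precondition for the attack described above is a server (or any host sharing the same RSA key) that completes an SSLv2 handshake and advertises EXPORT cipher kinds. The following probe is an added example, not code from the original article or from OpenSSL: it builds an SSLv2 CLIENT-HELLO, parses the SERVER-HELLO and reports whether SSLv2 and EXPORT40 ciphers are offered. The cipher identifiers are those of the SSL 2.0 draft specification; `SAMPLE_SERVER_HELLO` is a constructed response with placeholder certificate bytes so the parser can be exercised offline, and `probe()` is the only part that touches the network.

```python
"""Probe for SSLv2 support and EXPORT cipher kinds, the preconditions of DROWN."""
import socket
import struct

# SSLv2 cipher kinds from the SSL 2.0 draft specification (3-byte identifiers).
SSLV2_CIPHERS = {
    0x010080: "SSL_CK_RC4_128_WITH_MD5",
    0x020080: "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    0x030080: "SSL_CK_RC2_128_CBC_WITH_MD5",
    0x040080: "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    0x050080: "SSL_CK_IDEA_128_CBC_WITH_MD5",
    0x060040: "SSL_CK_DES_64_CBC_WITH_MD5",
    0x0700C0: "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_CIPHERS = {0x020080, 0x040080}


def build_client_hello(ciphers=tuple(SSLV2_CIPHERS)):
    """Build an SSLv2 CLIENT-HELLO record offering the given cipher kinds."""
    cipher_specs = b"".join(c.to_bytes(3, "big") for c in ciphers)
    challenge = b"\x00" * 16  # a constant challenge is sufficient for a probe
    body = (
        b"\x01"                      # MSG-CLIENT-HELLO
        + b"\x00\x02"                # CLIENT-VERSION = SSL 2.0
        + struct.pack(">HHH", len(cipher_specs), 0, len(challenge))
        + cipher_specs
        + challenge
    )
    # 2-byte record header: high bit set means no padding, low 15 bits = length
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(record):
    """Parse an SSLv2 SERVER-HELLO record; return None if it is not one."""
    if len(record) < 2 or not record[0] & 0x80:
        return None  # TLS alerts (0x15) and empty replies land here
    length = struct.unpack(">H", record[:2])[0] & 0x7FFF
    body = record[2:2 + length]
    if len(body) < 11 or body[0] != 0x04:  # MSG-SERVER-HELLO
        return None
    version = struct.unpack(">H", body[3:5])[0]
    cert_len, cs_len, _conn_id_len = struct.unpack(">HHH", body[5:11])
    cert = body[11:11 + cert_len]
    specs = body[11 + cert_len:11 + cert_len + cs_len]
    if len(specs) != cs_len or cs_len % 3:
        return None
    ciphers = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, cs_len, 3)]
    return {
        "version": version,
        "certificate": cert,
        "ciphers": ciphers,
        "export_ciphers": [c for c in ciphers if c in EXPORT_CIPHERS],
    }


def assess(hello):
    """Classify a parsed hello: 'no_sslv2', 'sslv2_export' or 'sslv2_no_export'."""
    if hello is None:
        return "no_sslv2"
    return "sslv2_export" if hello["export_ciphers"] else "sslv2_no_export"


def probe(host, port=443, timeout=5.0):
    """Send an SSLv2 CLIENT-HELLO to host:port and classify the reply (network)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        data = b""
        try:
            while len(data) < 4096:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass
    return assess(parse_server_hello(data))


# Constructed SERVER-HELLO from a hypothetical SSLv2 server: 4 placeholder
# certificate bytes, two cipher kinds (one EXPORT40) and a 16-byte connection id.
SAMPLE_SERVER_HELLO = struct.pack(">H", 0x8000 | (11 + 4 + 6 + 16)) + (
    b"\x04\x00\x01\x00\x02"          # MSG-SERVER-HELLO, no session hit, X.509, SSL 2.0
    + struct.pack(">HHH", 4, 6, 16)
    + b"\x30\x82\x00\x00"            # placeholder certificate bytes (constructed)
    + b"\x01\x00\x80\x02\x00\x80"    # RC4_128_WITH_MD5, RC4_128_EXPORT40_WITH_MD5
    + b"\x11" * 16
)

if __name__ == "__main__":
    import sys
    print(assess(parse_server_hello(SAMPLE_SERVER_HELLO)))
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        print(probe(sys.argv[1], port))
```

Run the probe against every host that serves the same RSA key (mail, FTP and legacy web front ends included), not only the TLS endpoint you care about: a result of `sslv2_export` on any of them exposes sessions to all of them. A `sslv2_no_export` result still warrants disabling SSLv2, since the attack has variants that do not depend on EXPORT ciphers.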
The second issue lies in the internal fmtstr() helper used by the BIO_*printf() family of functions: when it processes an oversized input, its length calculation overflows and an out-of-bounds read is triggered. A malicious user who can make the affected software pass a very large string through these functions can therefore trigger the bug.
The BIO_*printf issue affects PHP as well, since PHP links against OpenSSL. OpenSSL has already released patches, and all administrators are advised to apply them as soon as possible: