A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal up to 64kB of memory to a connected client or server. https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 The short version is: upgrade your openssl (unless you're running an old one), and also more packages coming soon. --Roger