Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/28324
http://secunia.com/advisories/28419
http://secunia.com/advisories/28597
http://secunia.com/advisories/29443
http://secunia.com/advisories/32222
http://securityreason.com/securityalert/3531
https://exchange.xforce.ibmcloud.com/vulnerabilities/39429
https://exchange.xforce.ibmcloud.com/vulnerabilities/39431
http://support.apple.com/kb/HT3216
http://www.debian.org/security/2008/dsa-1478
http://www.ubuntu.com/usn/usn-588-1
http://www.vupen.com/english/advisories/2008/0560/references