Errata patches for libcrypto have been released for OpenBSD 6.3 and 6.2. DSA and ECDSA signature generation can potentially leak secret information to a timing side-channel attack.
Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages: https://www.openbsd.org/errata62.html https://www.openbsd.org/errata63.html For users running 6.3, the syspatches will be delayed approximately two days. Use the source code patch if you need the fix before then.
