
"Server"?
OpenSSL is a library, not a server itself, although a lot of servers do use the library!
The OpenSSL server has been updated to fix a security bug that could be remotely exploited to potentially install malware on vulnerable systems. The race condition flaw in the OpenSSL TLS server extension code could be exploited in a buffer overrun attack, maintainers of the open-source SSL and TLS application warned on …
He ain;t saying it can't be exploited, just that it's very unlikely. I'm inclined to agree looking at the src he posted. Remote race conditions are tough to exploit, as you don't know (and can't know) details re: CPU/FS usage, and network latency will play merry hell with your exploit. This one is a *very* small window of opportunity.
Still, good to see it got fixed promptly.