Amazon Linux AMI Security Advisory: ALAS-2016-749
Advisory Release Date: 2016-09-22 16:00 Pacific
Advisory Updated Date: 2016-09-26 12:00 Pacific
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
The OpenSSL Security Advisory [26 Sep 2016] refers to two additional CVEs which do not affect OpenSSL 1.0.1.
(Updated 2016-09-26: Included a reference to the 26 Sep 2016 upstream advisory.)
Run yum update openssl to update your system.