The OpenBSD team has released a patch 011 for OpenBSD 4.1 (patch 002 for OpenBSD 4.2 and patch 017 for OpenBSD 4.0).
This is a security fix and applies to all architectures.
Quote from the commit messages (1.16 & 1.17):
Replace use of strcpy(3) and other pointer goo in SSL_get_shared_ciphers() with strlcat(3).
Fix off-by-one buffer overflow in SSL_get_shared_ciphers(). From OpenSSL_0_9_8-stable branch.
Binpatches exist for OpenBSD 4.1 and OpenBSD 4.0. Note, I do not have a 4.2 box set up, so no binpatches for 4.2 yet.