===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.219
retrieving revision 1.220
diff -u -r1.219 -r1.220
--- www/errata.html	2000/01/09 10:25:59	1.219
+++ www/errata.html	2000/01/20 17:49:32	1.220
@@ -37,6 +37,15 @@
 <li><h3><font color=#e00000>All architectures</font></h3>
 <ul>
 <a name=aty2k></a>
+<li><font color=#009000><strong>016: SECURITY FIX: Jan 20, 2000</strong></font><br>
+Systems running with procfs enabled and mounted are vulnerable
+to having the stderr output of setuid processes directed onto
+a pre-seeked descriptor onto the stack in their own procfs memory.<br>
+Note that procfs is not mounted by default in OpenBSD.<br>
+<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/016_procfs.patch>
+A source code patch exists, which remedies this problem.</a>
+<p>
+<a name=aty2k></a>
 <li><font color=#009000><strong>015: Y2K FIX: Jan 9, 2000</strong></font><br>
 The at(1) command was unable to parse some kinds of dates.<br>
 <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch>
@@ -251,7 +260,7 @@
 
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
 <a href=mailto:www@openbsd.org>www@openbsd.org</a>
-<br><small>$OpenBSD: errata.html,v 1.219 2000/01/09 10:25:59 deraadt Exp $</small>
+<br><small>$OpenBSD: errata.html,v 1.220 2000/01/20 17:49:32 deraadt Exp $</small>
 
 </body>
 </html>