===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata57.html,v
retrieving revision 1.25
retrieving revision 1.26
diff -c -r1.25 -r1.26
*** www/errata57.html 2015/09/28 19:44:59 1.25
--- www/errata57.html 2015/10/02 02:26:38 1.26
***************
*** 266,271 ****
--- 266,290 ----
A source code patch exists which remedies this problem.
+
+ 017: SECURITY FIX: October 1, 2015
+ All architectures
+ Fix multiple reliability and security issues in smtpd:
+
+ - local and remote users could make smtpd crash or stop serving requests.
+
- a buffer overflow in the unprivileged, non-chrooted smtpd (lookup)
+ process could allow a local user to cause a crash or potentially
+ execute arbitrary code.
+
- a use-after-free in the unprivileged, non-chrooted smtpd (lookup)
+ process could allow a remote attacker to cause a crash or potentially
+ execute arbitrary code.
+
- hardlink and symlink attacks allowed a local user to unset chflags or
+ leak the first line of an arbitrary file.
+
+
+ A source code patch exists which remedies this problem.
+
+
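Review bot: the closing sentence of the new 017 entry, "A source code patch exists which remedies this problem.", is singular, but the entry opens with "Fix multiple reliability and security issues in smtpd" and lists four separate items. Suggest "these problems" so readers do not assume the patch covers only the last bullet. Two documentation points on the bullets: the first item ("local and remote users could make smtpd crash or stop serving requests") gives no hint of the trigger or the affected smtpd process, unlike the next two, which name the (lookup) process; and the hardlink and symlink item does not say which directory or file the attack goes through, so an administrator cannot tell from the entry whether local users on their system can reach it. A short qualifier on each would make the impact easier to assess before patching.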