===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata57.html,v
retrieving revision 1.25
retrieving revision 1.26
diff -c -r1.25 -r1.26
*** www/errata57.html	2015/09/28 19:44:59	1.25
--- www/errata57.html	2015/10/02 02:26:38	1.26
***************
*** 266,271 ****
--- 266,290 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
+ <li id="017_smtpd">
+ <font color="#009000"><strong>017: SECURITY FIX: October 1, 2015</strong></font>
+ &nbsp; <i>All architectures</i><br>
+ Fix multiple reliability and security issues in smtpd:<br>
+ <ul>
+ <li>local and remote users could make smtpd crash or stop serving requests.
+ <li>a buffer overflow in the unprivileged, non-chrooted smtpd (lookup)
+     process could allow a local user to cause a crash or potentially
+     execute arbitrary code.
+ <li>a use-after-free in the unprivileged, non-chrooted smtpd (lookup)
+     process could allow a remote attacker to cause a crash or potentially
+     execute arbitrary code.
+ <li>hardlink and symlink attacks allowed a local user to unset chflags or
+     leak the first line of an arbitrary file.
+ </ul>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/017_smtpd.patch.sig">
+ A source code patch exists which remedies this problem.</a>
+ <p>
+ 
  </ul>
  
  <hr>