[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.5.6.html]NOTE: This addresses a new problem in Postfix 3.5.5, 3.4.15, 3.3.13, 3.2.18, which were released two days earlier but not announced.
Fixed in Postfix versions 3.5.6, 3.4.16, 3.3.14, 3.2.19:
One fix for memory leaks in the Postfix TLS library was back-ported to the wrong place, resulting in undefined program behavior.
Fixed in Postfix versions 3.5.6, 3.4.16:
The workaround for allowed TLS protocol versions did not explictly override the system-wide OpenSSL configuration, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.