dovecot

1 files changed, 27 insertions, 0 deletions

diff --git a/korean/security/2019/dsa-4385.wml b/korean/security/2019/dsa-4385.wml
new file mode 100644
index 00000000000..4de817dd03a
--- /dev/null
+++ b/korean/security/2019/dsa-4385.wml
@@ -0,0 +1,27 @@
+#use wml::debian::translation-check translation="61543f0d92cd8408059b731fb690edab0a4a3a8e" maintainer="Sebul"
+<define-tag description>보안 업데이트</define-tag>
+<define-tag moreinfo>
+<p>halfdog discovered an authentication bypass vulnerability in the Dovecot
+email server. Under some configurations Dovecot mistakenly trusts the
+username provided via authentication instead of failing. If there is no
+additional password verification, this allows the attacker to login as
+anyone else in the system. Only installations using:</p>
+
+<ul>
+<li>auth_ssl_require_client_cert = yes</li>
+<li>auth_ssl_username_from_cert = yes</li>
+</ul>
+
+<p>are affected by this flaw.</p>
+
+<p>안정 배포(stretch)에서, 이 문제를 버전 1:2.2.27-3+deb9u3에서 고쳤습니다.</p>
+
+<p>dovecot 패키지를 업그레이드 하는 게 좋습니다.</p>
+
+<p>dovecot의 자세한 보안 상태는 보안 추적 페이지 참조:
+<a href="https://security-tracker.debian.org/tracker/dovecot">\
+https://security-tracker.debian.org/tracker/dovecot</a></p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2019/dsa-4385.data"