diff options
author | Sebul <sebuls@gmail.com> | 2019-02-08 00:12:44 +0900 |
---|---|---|
committer | Sebul <sebuls@gmail.com> | 2019-02-08 00:12:44 +0900 |
commit | 4e77bbae3134ee1fa0e7b7669bfaa32f3a8abd9d (patch) | |
tree | eeedd7fd01f4610d111ff08b890bb49e294d038d /korean | |
parent | 0eb6acafb5cb5715a336dcad0504afe6e5b7431a (diff) |
dovecot
Diffstat (limited to 'korean')
-rw-r--r-- | korean/security/2019/dsa-4385.wml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/korean/security/2019/dsa-4385.wml b/korean/security/2019/dsa-4385.wml new file mode 100644 index 00000000000..4de817dd03a --- /dev/null +++ b/korean/security/2019/dsa-4385.wml @@ -0,0 +1,27 @@ +#use wml::debian::translation-check translation="61543f0d92cd8408059b731fb690edab0a4a3a8e" maintainer="Sebul" +<define-tag description>보안 업데이트</define-tag> +<define-tag moreinfo> +<p>halfdog discovered an authentication bypass vulnerability in the Dovecot +email server. Under some configurations Dovecot mistakenly trusts the +username provided via authentication instead of failing. If there is no +additional password verification, this allows the attacker to login as +anyone else in the system. Only installations using:</p> + +<ul> +<li>auth_ssl_require_client_cert = yes</li> +<li>auth_ssl_username_from_cert = yes</li> +</ul> + +<p>are affected by this flaw.</p> + +<p>안정 배포(stretch)에서, 이 문제를 버전 1:2.2.27-3+deb9u3에서 고쳤습니다.</p> + +<p>dovecot 패키지를 업그레이드 하는 게 좋습니다.</p> + +<p>dovecot의 자세한 보안 상태는 보안 추적 페이지 참조: +<a href="https://security-tracker.debian.org/tracker/dovecot">\ +https://security-tracker.debian.org/tracker/dovecot</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2019/dsa-4385.data" |