blob: 5e08d5aa243512ed62066bacca0595de85e28c46 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
#use wml::debian::translation-check translation="3d3908a97777c39b4ff6b8457295f222163c479e"
<define-tag description>暫存器溢位</define-tag>
<define-tag moreinfo>
#<p>A problem in the Courier sqwebmail package, a CGI program to grant
#authenticated access to local mailboxes, has been discovered. The
#program did not drop permissions fast enough upon startup under
#certain circumstances so a local shell user can execute the sqwebmail
#binary and manage to read an arbitrary file on the local filesystem.</p>
<p>在 Courier sqwebmail 套件中發現一個問題。Courier sqwebmail 是一個 CGI [CN:程序:][HKTW:程式:],能透過它[CN:獲取:][HKTW:取得:]本地端[CN:訪問:][HKTW:存取:]郵件的權限。[CN:該程序:][HKTW:這個程式:]啟動時,會在某種情形下來不及阻止不正確的[CN:訪問:][HKTW:存取:]權限,讓本地端[CN:用戶:][HKTW:使用者:]能透過 shell [CN:運行:][HKTW:執行:] sqwebmail [CN:文件:][HKTW:檔:]並讀取本地端系統中的任何[CN:文件:][HKTW:檔案:]。</p>
#<p>This problem has been fixed in version 0.37.3-2.3 for the current
#stable distribution (woody) and in version 0.40.0-1 for the unstable
#distribution (sid). The old stable distribution (potato) does not
#contain Courier sqwebmail packages. <code>courier-ssl</code> packages
#are also not affected since they don't expose an sqwebmail package.</p>
<p>這個問題已經在[CN:當前:][HKTW:目前的:]穩定版 (woody) 的 0.37.3-2.3 版,及開發中版本 (sid) 的 0.40.0-1 版中修正。舊的穩定版 (potato) 不包含 Courier sqwebmail 套件。<code>courier-ssl</code> 套件也不會被影響到,因為它們不使用 sqwebmail 套件。</p>
#<p>We recommend that you upgrade your sqwebmail package immediately.</p>
<p>我們建議您即刻更新您的 sqwebmail 套件。</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2002/dsa-197.data"
# $Id$
|
