blob: 56d778aa0aee374273b3d28298e47ea63922d96e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
#use wml::debian::translation-check translation="abccef21651668bce87fe0103d623399ffd369cd" maintainer="Sebul" mindelta="-1"
# 주의: 불완전한 번역. 번역을 마친 다음 위의 'mindelta="-1"'을 지우십시오.
<define-tag description>보안 업데이트</define-tag>
<define-tag moreinfo>
<p>Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java,
an XML-RPC implementation in Java, does perform deserialization of the
server-side exception serialized in the faultCause attribute of XMLRPC
error response messages. A malicious XMLRPC server can take advantage of
this flaw to execute arbitrary code with the privileges of an
application using the Apache XMLRPC client library.</p>
<p>Note that a client that expects to get server-side exceptions need to
set explicitly the enabledForExceptions property.</p>
<p>For the oldstable distribution (stretch), this problem has been fixed
in version 3.1.3-8+deb9u1.</p>
<p>For the stable distribution (buster), this problem has been fixed in
version 3.1.3-9+deb10u1.</p>
<p>libxmlrpc3-java 패키지를 업그레이드 하는 게 좋음.</p>
<p>libxmlrpc3-java 자세한 보안 상태는 보안 추적 페이지 참조:
<a href="https://security-tracker.debian.org/tracker/libxmlrpc3-java">https://security-tracker.debian.org/tracker/libxmlrpc3-java</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2020/dsa-4619.data"
|
