[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2016/dsa-3566.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dsa-3566.wml	2016-05-03 23:59:11.000000000 +0500
+++ russian/security/2016/dsa-3566.wml	2016-05-04 00:09:44.378152059 +0500
@@ -1,61 +1,62 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer
- -toolkit.</p>
+<p>Ð? OpenSSL, набоÑ?е инÑ?Ñ?Ñ?Ñ?менÑ?ов Secure Socket Layer, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2105";>CVE-2016-2105</a>
 
- -    <p>Guido Vranken discovered that an overflow can occur in the function
- -    EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can
- -    supply a large amount of data. This could lead to a heap corruption.</p></li>
+    <p>Ð?Ñ?идо Ð?Ñ?анкен обнаÑ?Ñ?жил, Ñ?Ñ?о в Ñ?Ñ?нкÑ?ии EVP_EncodeUpdate(), иÑ?полÑ?зÑ?емой длÑ? кодиÑ?ованиÑ?
+    Base64, можеÑ? возникнÑ?Ñ?Ñ? пеÑ?еполнение в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли злоÑ?мÑ?Ñ?ленник можеÑ?
+    пеÑ?едаÑ?Ñ? ей болÑ?Ñ?ое колиÑ?еÑ?Ñ?во даннÑ?Ñ?. ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к повÑ?еждениÑ? Ñ?одеÑ?жимого динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2106";>CVE-2016-2106</a>
 
- -    <p>Guido Vranken discovered that an overflow can occur in the function
- -    EVP_EncryptUpdate() if an attacker can supply a large amount of data.
- -    This could lead to a heap corruption.</p></li>
+    <p>Ð?Ñ?идо Ð?Ñ?анкен обнаÑ?Ñ?жил, Ñ?Ñ?о в Ñ?Ñ?нкÑ?ии EVP_EncryptUpdate() можеÑ? возникнÑ?Ñ?Ñ? пеÑ?еполнение в
+    Ñ?лÑ?Ñ?ае, еÑ?ли злоÑ?мÑ?Ñ?ленник можеÑ? пеÑ?едаÑ?Ñ? ей болÑ?Ñ?ое колиÑ?еÑ?Ñ?во даннÑ?Ñ?.
+    ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к повÑ?еждениÑ? Ñ?одеÑ?жимого динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2107";>CVE-2016-2107</a>
 
- -    <p>Juraj Somorovsky discovered a padding oracle in the AES CBC cipher
- -    implementation based on the AES-NI instruction set. This could allow
- -    an attacker to decrypt TLS traffic encrypted with one of the cipher
- -    suites based on AES CBC.</p></li>
+    <p>ЮÑ?ай СомоÑ?овÑ?ки обнаÑ?Ñ?жил возможноÑ?Ñ?Ñ? пÑ?едÑ?казаниÑ? заполниÑ?елÑ? в Ñ?еализаÑ?ии
+    Ñ?иÑ?Ñ?а AES CBC на оÑ?нове набоÑ?а инÑ?Ñ?Ñ?Ñ?кÑ?ий AES-NI. ЭÑ?о можеÑ? позволиÑ?Ñ?
+    злоÑ?мÑ?Ñ?ленникÑ? Ñ?аÑ?Ñ?иÑ?Ñ?оваÑ?Ñ? Ñ?Ñ?аÑ?ик TLS, заÑ?иÑ?Ñ?ованнÑ?й Ñ? помоÑ?Ñ?Ñ? одного из набоÑ?ов
+    Ñ?иÑ?Ñ?ов на оÑ?нове AES CBC.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2108";>CVE-2016-2108</a>
 
- -    <p>David Benjamin from Google discovered that two separate bugs in the
- -    ASN.1 encoder, related to handling of negative zero integer values
- -    and large universal tags, could lead to an out-of-bounds write.</p></li>
+    <p>Ð?Ñ?вид Ð?енджамин из Google обнаÑ?Ñ?жил, Ñ?Ñ?о две Ñ?азлиÑ?нÑ?Ñ? оÑ?ибки в
+    коде кодиÑ?овÑ?ика ASN.1, Ñ?вÑ?заннÑ?е Ñ? обÑ?абоÑ?кой оÑ?Ñ?иÑ?аÑ?елÑ?нÑ?Ñ? нÑ?левÑ?Ñ? Ñ?елÑ?Ñ? знаÑ?ений
+    и болÑ?Ñ?иÑ? Ñ?нивеÑ?Ñ?алÑ?нÑ?Ñ? Ñ?егов, могÑ?Ñ? пÑ?иводиÑ?Ñ? к запиÑ?и за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2109";>CVE-2016-2109</a>
 
- -    <p>Brian Carpenter discovered that when ASN.1 data is read from a BIO
- -    using functions such as d2i_CMS_bio(), a short invalid encoding can
- -    casuse allocation of large amounts of memory potentially consuming
- -    excessive resources or exhausting memory.</p></li>
+    <p>Ð?Ñ?айан Ð?аÑ?пенÑ?еÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о когда даннÑ?Ñ? ASN.1 Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ?Ñ?Ñ? из BIO
+    Ñ? помоÑ?Ñ?Ñ? Ñ?акиÑ? Ñ?Ñ?нкÑ?ий как d2i_CMS_bio(), коÑ?оÑ?каÑ? непÑ?авилÑ?наÑ? кодиÑ?овка можеÑ?
+    вÑ?зваÑ?Ñ? вÑ?деление болÑ?Ñ?ого колиÑ?еÑ?Ñ?ва памÑ?Ñ?и, Ñ?Ñ?о пÑ?иводиÑ? к поÑ?енÑ?иалÑ?номÑ? поÑ?Ñ?еблениÑ?
+    Ñ?Ñ?езмеÑ?нÑ?Ñ? Ñ?еÑ?Ñ?Ñ?Ñ?ов или поÑ?Ñ?еблениÑ? вÑ?ей памÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2176";>CVE-2016-2176</a>
 
- -    <p>Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes
- -    can cause an overread in applications using the X509_NAME_oneline()
- -    function on EBCDIC systems. This could result in arbitrary stack data
- -    being returned in the buffer.</p>
+    <p>Ð?Ñ?идо Ð?Ñ?анкен обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?Ñ?Ñ?оки ASN.1 длиннее 1024 байÑ?
+    могÑ?Ñ? вÑ?зÑ?ваÑ?Ñ? Ñ?Ñ?ение за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и в пÑ?иложениÑ?Ñ?, иÑ?полÑ?зÑ?Ñ?Ñ?иÑ? Ñ?Ñ?нкÑ?иÑ?
+    X509_NAME_oneline() в Ñ?иÑ?Ñ?емаÑ? EBCDIC. ЭÑ?о можеÑ? пÑ?иводиÑ?Ñ? к Ñ?омÑ?, Ñ?Ñ?о в бÑ?Ñ?еÑ? бÑ?дÑ?Ñ? возвÑ?аÑ?енÑ?
+    пÑ?оизволÑ?нÑ?е даннÑ?е Ñ?Ñ?ека.</p>
 
- -<p>Additional information about these issues can be found in the OpenSSL
- -security advisory at <a href="https://www.openssl.org/news/secadv/20160503.txt";>https://www.openssl.org/news/secadv/20160503.txt</a></p></li>
+<p>Ð?ополниÑ?елÑ?нÑ?Ñ? инÑ?оÑ?маÑ?иÑ? об Ñ?Ñ?иÑ? пÑ?облемаÑ? можно найÑ?и в Ñ?екомендаÑ?ии по безопаÑ?ноÑ?Ñ?и
+OpenSSL по адÑ?еÑ?Ñ? <a href="https://www.openssl.org/news/secadv/20160503.txt";>https://www.openssl.org/news/secadv/20160503.txt</a></p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 1.0.1k-3+deb8u5.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.0.1k-3+deb8u5.</p>
 
- -<p>For the unstable distribution (sid), these problems have been fixed in
- -version 1.0.2h-1.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1.0.2h-1.</p>
 
- -<p>We recommend that you upgrade your openssl packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? openssl.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXKPe3AAoJEF7nbuICFtKlUFwP/iS72gCgb6/pPqu3eMIXvfw+
14E3q0qSloIPA2Y46d5Ud+Lq0DP7mPCE3ssmbAcX2B+UDYrZLANERG8OXN8ckLhd
v+oqJTqep+fp62LwrRignBOGr3sgJjfx8J4Uehxk6MijCbkGejHZ+EGQ5f8c/otQ
LMdkPFAaecR5teDdT0+mNoVPRcqN8eYAjbwGF+1Mt8DtKJbDgk3G6FDswCE2wIBY
4WPOPlgf12/5y0ceZ4sIobLw4m7wET0FexOXAPXpCGRJ3H0MyXoL7pNIKBw0QG6d
R0isZEF9+MALh7eG3QP4IbVk3kTBhUFmLtoJhKjE6n54wJwlSZZZQJEtCba145Gw
X1d6TuP1ozzuuze0fWmFAhjoT/Iy7aGDVMl7MAxsd+aDR4H9FQdiCjBV/8aWgit6
p8mc0t3EFLZpj5ZKoszYLd7eMQFFO+rT/OvmLXBDiVYBWREIBBpbBYJ6alr2p2z2
EG86G4cK7uKfkfjxW4jQROC7zbh1L8U2njn1IxPTzk4UuvWePuR4aI27lzqGOgvr
MLCDdtb3UStlnV5kvfsCXQss9u8n4KWYfruuBxV7k/KPhadq6HhO5desRbsjKMgg
HCxmLL/TQ4KAUxwt6QdEzPVnWUkwiSJ4cSnl9CFYMYEM7pkCwCYVT4o0zoqnOkMm
BNJEgqiWB03kNIVe7KXR
=SkN8
-----END PGP SIGNATURE-----
Reply to: