
[DONE] wml://{security/2017/dsa-3886.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2017/dsa-3886.wml	2017-06-19 21:59:05.000000000 +0500
+++ russian/security/2017/dsa-3886.wml	2017-06-20 12:54:01.658801693 +0500
@@ -1,113 +1,114 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?л обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам
+инÑ?оÑ?маÑ?ии.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-0605";>CVE-2017-0605</a>
 
- -    <p>A buffer overflow flaw was discovered in the trace subsystem.</p></li>
+    <p>Ð? подÑ?иÑ?Ñ?еме trace бÑ?ло обнаÑ?Ñ?жено пеÑ?еполнение бÑ?Ñ?еÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7487";>CVE-2017-7487</a>
 
- -    <p>Li Qiang reported a reference counter leak in the ipxitf_ioctl
- -    function which may result into a use-after-free vulnerability,
- -    triggerable when a IPX interface is configured.</p></li>
+    <p>Ð?и ЦÑ?н Ñ?ообÑ?ил об Ñ?Ñ?еÑ?ке Ñ?Ñ?Ñ?Ñ?Ñ?ика Ñ?Ñ?Ñ?лок в Ñ?Ñ?нкÑ?ии the ipxitf_ioctl,
+    Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и,
+    коÑ?оÑ?ое возникаеÑ? в Ñ?лÑ?Ñ?ае, когда наÑ?Ñ?Ñ?оен инÑ?еÑ?Ñ?ейÑ? IPX.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7645";>CVE-2017-7645</a>
 
- -    <p>Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that
- -    the NFSv2 and NFSv3 server implementations are vulnerable to an
- -    out-of-bounds memory access issue while processing arbitrarily long
- -    arguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of
- -    service.</p></li>
+    <p>ТÑ?омаÑ? Хаанпаа и Ð?аÑ?Ñ?и Ð?амÑ?нен из Synopsys Ltd обнаÑ?Ñ?жили, Ñ?Ñ?о
+    Ñ?еализаÑ?ии Ñ?еÑ?веÑ?ов NFSv2 и NFSv3 Ñ?Ñ?звимÑ? к обÑ?аÑ?ениÑ? за пÑ?еделами вÑ?деленного
+    бÑ?Ñ?еÑ?а памÑ?Ñ?и в Ñ?лÑ?Ñ?ае обÑ?абоÑ?ки аÑ?гÑ?менÑ?ов пÑ?оизволÑ?ной длинÑ?, оÑ?пÑ?авленнÑ?Ñ?
+    PRC-клиенÑ?ами NFSv2/NFSv3, Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-7895";>CVE-2017-7895</a>
 
- -    <p>Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3
- -    server implementations do not properly handle payload bounds
- -    checking of WRITE requests. A remote attacker with write access to a
- -    NFS mount can take advantage of this flaw to read chunks of
- -    arbitrary memory from both kernel-space and user-space.</p></li>
+    <p>Ð?Ñ?и Ð?аÑ?ппи из Synopsys Ltd обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?ии Ñ?еÑ?веÑ?ов NFSv2
+    и NFSv3 непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваÑ?Ñ? пÑ?овеÑ?кÑ? гÑ?аниÑ? инÑ?оÑ?маÑ?ионного
+    наполнениÑ? WRITE-запÑ?оÑ?ов. УдалÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник, имеÑ?Ñ?ий доÑ?Ñ?Ñ?п на запиÑ?Ñ? к
+    NFS, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? Ñ?Ñ?ениÑ? поÑ?Ñ?ий пÑ?оизволÑ?ной памÑ?Ñ?и
+    и из пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва Ñ?дÑ?а, и из пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва полÑ?зоваÑ?елÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8064";>CVE-2017-8064</a>
 
- -    <p>Arnd Bergmann found that the DVB-USB core misused the device
- -    logging system, resulting in a use-after-free vulnerability, with
- -    unknown security impact.</p></li>
+    <p>Ð?Ñ?нд Ð?еÑ?гман обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?дÑ?о DVB-USB непÑ?авилÑ?но иÑ?полÑ?зÑ?еÑ? Ñ?иÑ?Ñ?емÑ?
+    жÑ?Ñ?налиÑ?ованиÑ? Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в, Ñ?Ñ?о пÑ?иводиÑ? к иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ?
+    памÑ?Ñ?и и оказÑ?ваеÑ? неизвеÑ?Ñ?ное влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8890";>CVE-2017-8890</a>
 
- -    <p>It was discovered that the net_csk_clone_lock() function allows a
- -    remote attacker to cause a double free leading to a denial of
- -    service or potentially have other impact.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? net_csk_clone_lock() позволÑ?еÑ?
+    Ñ?далÑ?нномÑ? злоÑ?мÑ?Ñ?ленникÑ? вÑ?зÑ?ваÑ?Ñ? двойное оÑ?вобождение, пÑ?иводÑ?Ñ?ее к оÑ?казÑ?
+    в обÑ?лÑ?живании или оказÑ?ваÑ?Ñ?ее дÑ?Ñ?гое поÑ?енÑ?иалÑ?ное влиÑ?ние на безопаÑ?ноÑ?Ñ?Ñ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8924";>CVE-2017-8924</a>
 
- -    <p>Johan Hovold found that the io_ti USB serial driver could leak
- -    sensitive information if a malicious USB device was connected.</p></li>
+    <p>Ð?оÑ?ан ХоволÑ?д обнаÑ?Ñ?жил, Ñ?Ñ?о в io_ti, дÑ?айвеÑ?е поÑ?ледоваÑ?елÑ?нÑ?Ñ? USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в, можеÑ?
+    пÑ?оиÑ?Ñ?одиÑ?Ñ? Ñ?Ñ?еÑ?ка Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии в Ñ?лÑ?Ñ?ае подклÑ?Ñ?ениÑ? вÑ?едоноÑ?ного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-8925";>CVE-2017-8925</a>
 
- -    <p>Johan Hovold found a reference counter leak in the omninet USB
- -    serial driver, resulting in a use-after-free vulnerability.  This
- -    can be triggered by a local user permitted to open tty devices.</p></li>
+    <p>Ð?оÑ?ан ХоволÑ?д обнаÑ?Ñ?жил Ñ?Ñ?еÑ?кÑ? Ñ?Ñ?Ñ?Ñ?Ñ?ика Ñ?Ñ?Ñ?лок в omninet, дÑ?айвеÑ?е поÑ?ледоваÑ?елÑ?нÑ?Ñ?
+    USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в, коÑ?оÑ?аÑ? пÑ?иводиÑ? к иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и. ЭÑ?а
+    Ñ?Ñ?звимоÑ?Ñ?Ñ? можно возникаÑ?Ñ? в Ñ?лÑ?Ñ?ае, когда локалÑ?номÑ? полÑ?зоваÑ?елÑ? Ñ?азÑ?еÑ?ено оÑ?кÑ?Ñ?ваÑ?Ñ? tty-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-9074";>CVE-2017-9074</a>
 
- -    <p>Andrey Konovalov reported that the IPv6 fragmentation
- -    implementation could read beyond the end of a packet buffer.  A
- -    local user or guest VM might be able to use this to leak sensitive
- -    information or to cause a denial of service (crash).</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? Ñ?Ñ?агменÑ?аÑ?ии IPv6 можеÑ?
+    вÑ?полнÑ?Ñ?Ñ? Ñ?Ñ?ение за пÑ?еделами конÑ?а бÑ?Ñ?еÑ?а пакеÑ?а. Ð?окалÑ?нÑ?й
+    полÑ?зоваÑ?елÑ? или полÑ?зоваÑ?елÑ? гоÑ?Ñ?евой виÑ?Ñ?Ñ?алÑ?ной маÑ?инÑ? Ñ?поÑ?обнÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ?
+    Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова Ñ?Ñ?еÑ?ки Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии или оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-9075";>CVE-2017-9075</a>
 
- -    <p>Andrey Konovalov reported that the SCTP/IPv6 implementation
- -    wrongly initialised address lists on connected sockets, resulting
- -    in a use-after-free vulnerability, a similar issue to
- -    <a href="https://security-tracker.debian.org/tracker/CVE-2017-8890";>CVE-2017-8890</a>.  This can be triggered by any local user.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? SCTP/IPv6 непÑ?авилÑ?но
+    вÑ?полнÑ?еÑ? иниÑ?иализаÑ?иÑ? Ñ?пиÑ?ков адÑ?еÑ?ов на подклÑ?Ñ?Ñ?ннÑ?Ñ? Ñ?океÑ?аÑ?, Ñ?Ñ?о пÑ?иводиÑ? к
+    иÑ?полÑ?зованиÑ? Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и (пÑ?облема поÑ?ожа на
+    <a href="https://security-tracker.debian.org/tracker/CVE-2017-8890";>CVE-2017-8890</a>).
+    ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? бÑ?Ñ?Ñ? вÑ?звана лÑ?бÑ?м локалÑ?нÑ?м полÑ?зоваÑ?елем.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-9076";>CVE-2017-9076</a>
 
 	/ <a href="https://security-tracker.debian.org/tracker/CVE-2017-9077";>CVE-2017-9077</a>
 
- -    <p>Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations
- -    wrongly initialised address lists on connected sockets, a similar
- -    issue to <a href="https://security-tracker.debian.org/tracker/CVE-2017-9075";>CVE-2017-9075</a>.</p></li>
+    <p>ЦÑ?н Ð?ан обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?ии TCP/IPv6 и DCCP/IPv6 непÑ?авилÑ?но
+    вÑ?полнÑ?Ñ?Ñ? иниÑ?иализаÑ?иÑ? Ñ?пиÑ?ков адÑ?еÑ?ов на подклÑ?Ñ?Ñ?ннÑ?Ñ? Ñ?океÑ?аÑ? (пÑ?облема Ñ?Ñ?ожа
+    Ñ? <a href="https://security-tracker.debian.org/tracker/CVE-2017-9075";>CVE-2017-9075</a>).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-9242";>CVE-2017-9242</a>
 
- -    <p>Andrey Konovalov reported a packet buffer overrun in the IPv6
- -    implementation.  A local user could use this for denial of service
- -    (memory corruption; crash) and possibly for privilege escalation.</p></li>
+    <p>Ð?ндÑ?ей Ð?оновалов Ñ?ообÑ?ил о вÑ?Ñ?оде за гÑ?аниÑ?Ñ? бÑ?Ñ?еÑ?а пакеÑ?а в Ñ?еализаÑ?ии
+    IPv6. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза
+    в обÑ?лÑ?живании (поÑ?Ñ?а Ñ?одеÑ?жимого памÑ?Ñ?и; аваÑ?ийнаÑ? оÑ?Ñ?ановка) и длÑ? поÑ?енÑ?иалÑ?ного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000364";>CVE-2017-1000364</a>
 
- -    <p>The Qualys Research Labs discovered that the size of the stack guard
- -    page is not sufficiently large. The stack-pointer can jump over the
- -    guard-page and moving from the stack into another memory region
- -    without accessing the guard-page. In this case no page-fault
- -    exception is raised and the stack extends into the other memory
- -    region. An attacker can exploit this flaw for privilege escalation.</p>
- -
- -    <p>The default stack gap protection is set to 256 pages and can be
- -    configured via the stack_guard_gap kernel parameter on the kernel
- -    command line.</p>
+    <p>СоÑ?Ñ?Ñ?дники Qualys Research Labs обнаÑ?Ñ?жили, Ñ?Ñ?о Ñ?азмеÑ? заÑ?иÑ?Ñ? Ñ?Ñ?ековÑ?Ñ?
+    Ñ?Ñ?Ñ?аниÑ? недоÑ?Ñ?аÑ?оÑ?но велик. УказаÑ?елÑ? Ñ?Ñ?ека можеÑ? пеÑ?еÑ?какиваÑ?Ñ?
+    заÑ?иÑ?Ñ?ннÑ?Ñ? Ñ?Ñ?Ñ?аниÑ?Ñ? и пеÑ?ейÑ?и из Ñ?Ñ?ека в дÑ?Ñ?гой Ñ?егион памÑ?Ñ?и без обÑ?аÑ?ениÑ? к
+    заÑ?иÑ?Ñ?нной Ñ?Ñ?Ñ?аниÑ?е. Ð? Ñ?Ñ?ом Ñ?лÑ?Ñ?ае не возникаеÑ? иÑ?клÑ?Ñ?ениÑ? об оÑ?ибке Ñ?Ñ?Ñ?аниÑ?Ñ?,
+    а Ñ?Ñ?ек Ñ?велиÑ?иваеÑ?Ñ?Ñ? в дÑ?Ñ?гой Ñ?егион памÑ?Ñ?и. Ð?лоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ?
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? повÑ?Ñ?ениÑ? пÑ?ивилегий.</p>
+
+    <p>Ð?о Ñ?молÑ?аниÑ? пÑ?омежÑ?Ñ?ок заÑ?иÑ?Ñ? Ñ?Ñ?ека Ñ?авен 256 Ñ?Ñ?Ñ?аниÑ?ам, его можно измениÑ?Ñ?
+    в паÑ?амеÑ?Ñ?е Ñ?дÑ?а stack_guard_gap Ñ?еÑ?ез команднÑ?Ñ? Ñ?Ñ?Ñ?окÑ?
+    Ñ?дÑ?а.</p>
 
- -    <p>Further details can be found at
+    <p>Ð?ополниÑ?елÑ?нÑ?е подÑ?обноÑ?Ñ?и можно найÑ?и по адÑ?еÑ?Ñ?
     <a href="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt";>https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt</a></p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (jessie), these problems have been fixed
- -in version 3.16.43-2+deb8u1.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.16.43-2+deb8u1.</p>
 
- -<p>For the stable distribution (stretch), these problems have been fixed in
- -version 4.9.30-2+deb9u1 or earlier versions before the stretch release.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (stretch) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 4.9.30-2+deb9u1 или более Ñ?анниÑ? веÑ?Ñ?иÑ?Ñ? до вÑ?пÑ?Ñ?ка stretch.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 </define-tag>
 
 # do not modify the following line
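
Review bot: in the CVE-2017-7487 paragraph the added Russian sentence still carries the English article in front of the function name ("the ipxitf_ioctl"); drop "the" so only the identifier ipxitf_ioctl remains. In the CVE-2017-7645 paragraph the added text keeps "PRC" from the removed English line ("NFSv2/NFSv3 PRC clients"), which looks like a transposition of RPC; it is worth correcting in the translation and reporting against the English source. In the CVE-2017-8925 paragraph "можно" is followed by an infinitive where "может" appears to be intended. The two "similar issue" parentheticals (CVE-2017-9075 and CVE-2017-9076/9077) are also worded differently and could use the same phrasing.
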
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

