[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2016/dsa-3446.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dsa-3446.wml	2016-01-14 22:00:07.000000000 +0500
+++ russian/security/2016/dsa-3446.wml	2016-01-14 22:57:05.585979326 +0500
@@ -1,61 +1,62 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>The Qualys Security team discovered two vulnerabilities in the roaming
- -code of the OpenSSH client (an implementation of the SSH protocol
- -suite).</p>
- -
- -<p>SSH roaming enables a client, in case an SSH connection breaks
- -unexpectedly, to resume it at a later time, provided the server also
- -supports it.</p>
- -
- -<p>The OpenSSH server doesn't support roaming, but the OpenSSH client
- -supports it (even though it's not documented) and it's enabled by
- -default.</p>
+<p>Ð?оманда Qualys Security обнаÑ?Ñ?жила две Ñ?Ñ?звимоÑ?Ñ?и в коде длÑ? авÑ?омаÑ?иÑ?еÑ?кой
+наÑ?Ñ?Ñ?ойки Ñ?еÑ?и в клиенÑ?е OpenSSH (Ñ?еализаÑ?ии набоÑ?а пÑ?оÑ?околов
+SSH).</p>
+
+<p>Ð?вÑ?омаÑ?иÑ?еÑ?каÑ? наÑ?Ñ?Ñ?ойка Ñ?еÑ?и в SSH позволÑ?еÑ? клиенÑ?Ñ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?оединение SSH
+неожиданно пÑ?еÑ?Ñ?ваеÑ?Ñ?Ñ?, воÑ?Ñ?Ñ?ановиÑ?Ñ? его, Ñ?Ñ?иÑ?Ñ?ваÑ?, Ñ?Ñ?о Ñ?Ñ?о Ñ?акже
+поддеÑ?живаеÑ?Ñ?Ñ? Ñ?еÑ?веÑ?ом.</p>
+
+<p>СеÑ?веÑ? OpenSSH не поддеÑ?живаеÑ? авÑ?омаÑ?иÑ?еÑ?кÑ?Ñ? наÑ?Ñ?Ñ?ойкÑ? Ñ?еÑ?и, но клиенÑ? OpenSSH
+поддеÑ?живаеÑ? еÑ? (неÑ?моÑ?Ñ?Ñ? на Ñ?о, Ñ?Ñ?о об Ñ?Ñ?ом ниÑ?его неÑ? в докÑ?менÑ?аÑ?ии), и она вклÑ?Ñ?ена
+по Ñ?молÑ?аниÑ?.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0777";>CVE-2016-0777</a>
 
- -    <p>An information leak (memory disclosure) can be exploited by a rogue
- -    SSH server to trick a client into leaking sensitive data from the
- -    client memory, including for example private keys.</p></li>
+    <p>УÑ?еÑ?ка инÑ?оÑ?маÑ?ии (Ñ?аÑ?кÑ?Ñ?Ñ?ие Ñ?одеÑ?жимого памÑ?Ñ?и) можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленником,
+    владеÑ?Ñ?им Ñ?еÑ?веÑ?ом SSH, длÑ? Ñ?ого, Ñ?Ñ?обÑ? полÑ?Ñ?иÑ?Ñ? из памÑ?Ñ?и клиенÑ?а
+    Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?нÑ?Ñ? даннÑ?Ñ?, вклÑ?Ñ?аÑ?, напÑ?имеÑ?, закÑ?Ñ?Ñ?Ñ?е клÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0778";>CVE-2016-0778</a>
 
- -    <p>A buffer overflow (leading to file descriptor leak), can also be
- -    exploited by a rogue SSH server, but due to another bug in the code
- -    is possibly not exploitable, and only under certain conditions (not
- -    the default configuration), when using ProxyCommand, ForwardAgent or
- -    ForwardX11.</p></li>
+    <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а (пÑ?иводÑ?Ñ?ее к Ñ?Ñ?еÑ?ке Ñ?айлового деÑ?кÑ?ипÑ?оÑ?а) можеÑ?
+    иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? злоÑ?мÑ?Ñ?ленником, владеÑ?Ñ?им Ñ?еÑ?веÑ?ом SSH, но из-за дÑ?Ñ?гой оÑ?ибки в коде,
+    Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? нелÑ?зÑ? иÑ?полÑ?зоваÑ?Ñ?. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? лиÑ?Ñ? пÑ?и
+    опÑ?еделÑ?ннÑ?Ñ? Ñ?Ñ?ловиÑ?Ñ? (не пÑ?и иÑ?полÑ?зовании наÑ?Ñ?Ñ?оек по Ñ?молÑ?аниÑ?). Ð? Ñ?аÑ?Ñ?ноÑ?Ñ?и,
+    пÑ?и иÑ?полÑ?зовании ProxyCommand, ForwardAgent или ForwardX11.</p></li>
 
 </ul>
 
- -<p>This security update completely disables the roaming code in the OpenSSH
- -client.</p>
+<p>Ð?анное обновление безопаÑ?ноÑ?Ñ?и полноÑ?Ñ?Ñ?Ñ? оÑ?клÑ?Ñ?аеÑ? код длÑ? авÑ?омаÑ?иÑ?еÑ?кой наÑ?Ñ?Ñ?ойки Ñ?еÑ?и
+в клиенÑ?е OpenSSH.</p>
 
- -<p>It is also possible to disable roaming by adding the (undocumented)
- -option <q>UseRoaming no</q> to the global /etc/ssh/ssh_config file, or to the
- -user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on
- -the command line.</p>
+<p>Ð?Ñ?оме Ñ?ого, обновление оÑ?клÑ?Ñ?аеÑ? авÑ?омаÑ?иÑ?еÑ?кÑ?Ñ? наÑ?Ñ?Ñ?ойкÑ? Ñ?еÑ?и пÑ?Ñ?Ñ?м добавлениÑ? (недокÑ?менÑ?иÑ?ованной)
+опÑ?ии <q>UseRoaming no</q> в глобалÑ?нÑ?й Ñ?айл наÑ?Ñ?Ñ?ойки /etc/ssh/ssh_config, либо в
+полÑ?зоваÑ?елÑ?Ñ?кие наÑ?Ñ?Ñ?ойки в ~/.ssh/config, либо же пеÑ?едаваÑ? -oUseRoaming=no
+в командной Ñ?Ñ?Ñ?оке.</p>
 
- -<p>Users with passphrase-less privates keys, especially in non interactive
- -setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to
- -update their keys if they have connected to an SSH server they don't
- -trust.</p>
+<p>Ð?олÑ?зоваÑ?елÑ?м Ñ? закÑ?Ñ?Ñ?Ñ?ми клÑ?Ñ?ами, не заÑ?иÑ?Ñ?ннÑ?ми паÑ?олÑ?ми, в оÑ?обенноÑ?Ñ?и в Ñ?лÑ?Ñ?ае,
+еÑ?ли иÑ?полÑ?зÑ?Ñ?Ñ?Ñ?Ñ? наÑ?Ñ?Ñ?ойки без инÑ?еÑ?акÑ?ивного Ñ?ежима (авÑ?омаÑ?изиÑ?ованнÑ?е задаÑ?и, иÑ?полÑ?зÑ?Ñ?Ñ?ие
+ssh, scp, rsync+ssh и Ñ?. д.) Ñ?екомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? Ñ?вои клÑ?Ñ?и в Ñ?ом Ñ?лÑ?Ñ?ае,
+еÑ?ли они подклÑ?Ñ?аÑ?Ñ?Ñ?Ñ? к Ñ?еÑ?веÑ?Ñ? SSH, коÑ?оÑ?омÑ? они не довеÑ?Ñ?Ñ?Ñ?.</p>
 
- -<p>More details about identifying an attack and mitigations will be
- -available in the Qualys Security Advisory.</p>
+<p>Ð?ополниÑ?елÑ?нÑ?е Ñ?ведениÑ? об опÑ?еделении Ñ?Ñ?ой аÑ?аки и Ñ?поÑ?обов еÑ? недопÑ?Ñ?ениÑ?
+бÑ?дÑ?Ñ? доÑ?Ñ?Ñ?пнÑ? в Ñ?екомендаÑ?ии по безопаÑ?Ñ?и Qualys.</p>
 
- -<p>For the oldstable distribution (wheezy), these problems have been fixed
- -in version 1:6.0p1-4+deb7u3.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (wheezy) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 1:6.0p1-4+deb7u3.</p>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 1:6.7p1-5+deb8u1.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 1:6.7p1-5+deb8u1.</p>
 
- -<p>For the testing distribution (stretch) and unstable distribution (sid), these
- -problems will be fixed in a later version.</p>
+<p>Ð? Ñ?еÑ?Ñ?иÑ?Ñ?емом (stretch) и неÑ?Ñ?абилÑ?ном (sid) вÑ?пÑ?Ñ?каÑ? Ñ?Ñ?и
+пÑ?облемÑ? бÑ?дÑ?Ñ? иÑ?пÑ?авленÑ? в более поздней веÑ?Ñ?ии.</p>
 
- -<p>We recommend that you upgrade your openssh packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? openssh.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl+GfAAoJEF7nbuICFtKl7HwP/3/RkxLVawW+WWsneBVRgQNK
Jf37MdjQoq8jBvZz+NomgmozlV3CBBfrFs/+5wqMAUT1RfSa12m4z2r/6hktOp2v
NjuA9MKL1sgyvk73OJf2GgjyfJdnUfYWsqX5WZqfV5ObfRTQvoMfBW8CQlKzhdGi
Cp3AM+9pzMxm+1WQjLGmWa8L2U3RxSAQ47/tzPwF3lX1HIasHXxEzh0ksjXwHkpm
oIvnY4dEUuvbS4FAP9cYWooQo2oLdBKiaj3pKWNyTpdHrAUqppb73/Z5GCDGwMlo
AB8YVTjd15vluIsDk3sdduvoreCiBDDEDt5d+rMkaVUMrpcGamhO6tdgGBfNHWdq
tyZLUGwjWWxamWb8Rh10hlxBDMsxyh0sXicHZ+vNnBA/Lyk3GXkWnSW7UUcJsLf0
rhtEvyNjq3QJqRdQBpjwRE3ruZ77Y8DRSJy+R7AZMvL1XKt7uJvn2rMCX/kURWVL
5E04Teau4uNx9bm4gKQ918GJYxJjbXfDEh+ypi4cIAlNJqmzPBxDpyLT4e6NhPuK
pnSHpDa1WaqGEjrWfjEFSC738IUmmVLiZUIVEhStnr6TcTGgQZ30SKhEfhdVbCUH
cLlG3uoCECqqFCa0zmPhmf1FTHFQjjIW50xJGlj/DinZlkFhNPYeh1Z7s8+7YwAK
4QlS0WlaYAXMgA02eCwD
=vI//
-----END PGP SIGNATURE-----
Reply to: