[DONE] wml://security/2016/dsa-348{0,1}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dsa-3480.wml 2016-02-16 19:48:50.000000000 +0500
+++ russian/security/2016/dsa-3480.wml 2016-02-16 22:20:09.951723871 +0500
@@ -1,99 +1,100 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been fixed in the GNU C Library, eglibc.</p>
+<p>Ð? библиоÑ?еке GNU C Library, eglibc, бÑ?ло обнаÑ?Ñ?жено и иÑ?пÑ?авлено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
- -<p>The <a href="https://security-tracker.debian.org/tracker/CVE-2015-7547">CVE-2015-7547</a> vulnerability listed below is considered to have
- -critical impact.</p>
+<p>УÑ?звимоÑ?Ñ?Ñ? <a href="https://security-tracker.debian.org/tracker/CVE-2015-7547">CVE-2015-7547</a>, Ñ?казаннаÑ? ниже, Ñ?Ñ?иÑ?аеÑ?Ñ?Ñ?
+кÑ?иÑ?иÑ?еÑ?кой.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8121">CVE-2014-8121</a>
- - <p>Robin Hack discovered that the nss_files database did not
- - correctly implement enumeration interleaved with name-based or
- - ID-based lookups. This could cause the enumeration enter an
- - endless loop, leading to a denial of service.</p></li>
+ <p>Робин Ð¥Ñ?к обнаÑ?Ñ?жил, Ñ?Ñ?о база даннÑ?Ñ? nss_files непÑ?авилÑ?но
+ Ñ?еализÑ?еÑ? пеÑ?еÑ?иÑ?ление, пеÑ?емежаÑ?Ñ?ееÑ?Ñ? Ñ? поиÑ?ком на оÑ?нове имени или
+ иденÑ?иÑ?икаÑ?оÑ?а. ÐÑ?о можеÑ? пÑ?иводиÑ?Ñ? к Ñ?омÑ?, Ñ?Ñ?о пеÑ?еÑ?иÑ?ление войдÑ?Ñ? в
+ беÑ?конеÑ?нÑ?й Ñ?икл, Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1781">CVE-2015-1781</a>
- - <p>Arjun Shankar discovered that the _r variants of host name
- - resolution functions (like gethostbyname_r), when performing DNS
- - name resolution, suffered from a buffer overflow if a misaligned
- - buffer was supplied by the applications, leading to a crash or,
- - potentially, arbitrary code execution. Most applications are not
- - affected by this vulnerability because they use aligned buffers.</p></li>
+ <p>Ð?Ñ?джÑ?н ШанкаÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о ваÑ?ианÑ?Ñ? Ñ?Ñ?нкÑ?ий Ñ?азÑ?еÑ?ениÑ? имÑ?н Ñ?злов
+ Ñ? _r (напÑ?имеÑ?, gethostbyname_r) пÑ?и вÑ?полнении Ñ?азÑ?еÑ?ениÑ? имÑ?н Ñ?еÑ?ез
+ DNS подвеÑ?женÑ? пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли пÑ?иложением бÑ?л
+ пеÑ?едан невÑ?Ñ?овненнÑ?й бÑ?Ñ?еÑ?, Ñ?Ñ?о пÑ?иводиÑ? к аваÑ?ийной оÑ?Ñ?ановке или
+ к поÑ?енÑ?иалÑ?номÑ? вÑ?полнениÑ? пÑ?оизволÑ?ного кода. Ð?олÑ?Ñ?инÑ?Ñ?во пÑ?иложений
+ не подвеÑ?женÑ? данной Ñ?Ñ?звимоÑ?Ñ?и, Ñ?ак как они иÑ?полÑ?зÑ?Ñ?Ñ? вÑ?Ñ?овненнÑ?е бÑ?Ñ?еÑ?Ñ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7547">CVE-2015-7547</a>
- - <p>The Google Security Team and Red Hat discovered that the eglibc
- - host name resolver function, getaddrinfo, when processing
- - AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
- - internal buffers, leading to a stack-based buffer overflow and
- - arbitrary code execution. This vulnerability affects most
- - applications which perform host name resolution using getaddrinfo,
- - including system services.</p></li>
+ <p>ЧленÑ? Ð?омандÑ? безопаÑ?ноÑ?Ñ?и Google и Ñ?оÑ?Ñ?Ñ?дники Red Hat обнаÑ?Ñ?жили, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ?
+ Ñ?азÑ?еÑ?ениÑ? имÑ?н Ñ?злов eglibc, getaddrinfo, пÑ?и обÑ?абоÑ?ке
+ запÑ?оÑ?ов AF_UNSPEC (длÑ? двойного поиÑ?ка A/AAAA) можеÑ? непÑ?авилÑ?но иÑ?полÑ?зоваÑ?Ñ?
+ Ñ?вои внÑ?Ñ?Ñ?енние бÑ?Ñ?еÑ?Ñ?, Ñ?Ñ?о пÑ?иводиÑ? к пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а и
+ вÑ?полнениÑ? пÑ?оизволÑ?ного кода. Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? каÑ?аеÑ?Ñ?Ñ? болÑ?Ñ?инÑ?Ñ?ва
+ пÑ?иложений, вÑ?полнÑ?Ñ?Ñ?иÑ? Ñ?азÑ?еÑ?ение имÑ?н Ñ?злов Ñ? помоÑ?Ñ?Ñ? getaddrinfo,
+ вклÑ?Ñ?аÑ? Ñ?иÑ?Ñ?емнÑ?е Ñ?лÑ?жбÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8776">CVE-2015-8776</a>
- - <p>Adam Nielsen discovered that if an invalid separated time value
- - is passed to strftime, the strftime function could crash or leak
- - information. Applications normally pass only valid time
- - information to strftime; no affected applications are known.</p></li>
+ <p>Ð?дам Ð?илÑ?Ñ?ен обнаÑ?Ñ?жил, Ñ?Ñ?о еÑ?ли непÑ?авилÑ?но Ñ?азделÑ?нное знаÑ?ение, обознаÑ?аÑ?Ñ?ее вÑ?емÑ?,
+ пеÑ?едаÑ?Ñ?Ñ?Ñ? strftime, Ñ?о Ñ?Ñ?нкÑ?иÑ? strftime можеÑ? аваÑ?ийно завеÑ?Ñ?иÑ?Ñ? Ñ?абоÑ?Ñ?, либо можеÑ? пÑ?оизойÑ?и
+ Ñ?Ñ?еÑ?ка инÑ?оÑ?маÑ?ии. Ð?Ñ?иложениÑ? обÑ?Ñ?но пеÑ?едаÑ?Ñ? Ñ?олÑ?ко коÑ?Ñ?екÑ?нÑ?Ñ? инÑ?оÑ?маÑ?иÑ?
+ о вÑ?емени Ñ?Ñ?нкÑ?ии strftime; подвеÑ?женнÑ?е данной пÑ?облеме пÑ?иложениÑ? не извеÑ?Ñ?нÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8777">CVE-2015-8777</a>
- - <p>Hector Marco-Gisbert reported that LD_POINTER_GUARD was not
- - ignored for SUID programs, enabling an unintended bypass of a
- - security feature. This update causes eglibc to always ignore the
- - LD_POINTER_GUARD environment variable.</p></li>
+ <p>Ð?екÑ?оÑ? Ð?аÑ?ко-Ð?иÑ?беÑ?Ñ? Ñ?ообÑ?ил, Ñ?Ñ?о LD_POINTER_GUARD не игноÑ?иÑ?Ñ?еÑ?Ñ?Ñ?
+ длÑ? пÑ?огÑ?амм Ñ? Ñ?лагом пÑ?ав доÑ?Ñ?Ñ?па, позволÑ?Ñ?Ñ?им запÑ?Ñ?Ñ?иÑ?Ñ? Ñ?Ñ?и пÑ?огÑ?аммÑ? оÑ? лиÑ?а владелÑ?Ñ?а, Ñ?Ñ?о позволÑ?еÑ?
+ ненамеÑ?енно обÑ?одиÑ?Ñ? Ñ?Ñ?едÑ?Ñ?ва безопаÑ?ноÑ?Ñ?и. Ð?анное обновление Ñ?Ñ?ебÑ?еÑ?, Ñ?Ñ?обÑ? eglibc вÑ?егда игноÑ?иÑ?овало
+ пеÑ?еменнÑ?Ñ? окÑ?Ñ?жениÑ? LD_POINTER_GUARD.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8778">CVE-2015-8778</a>
- - <p>Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r
- - functions did not check the size argument properly, leading to a
- - crash (denial of service) for certain arguments. No impacted
- - applications are known at this time.</p></li>
+ <p>СаболÑ?Ñ? Ð?аги Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?едко иÑ?полÑ?зÑ?емÑ?е Ñ?Ñ?нкÑ?ии hcreate и hcreate_r
+ непÑ?авилÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?овеÑ?кÑ? Ñ?азмеÑ?а аÑ?гÑ?менÑ?а, Ñ?Ñ?о пÑ?иводиÑ? к
+ аваÑ?ийной оÑ?Ñ?ановке (оÑ?каз в обÑ?лÑ?живании) в Ñ?лÑ?Ñ?ае иÑ?полÑ?зованиÑ? опÑ?еделÑ?ннÑ?Ñ? аÑ?гÑ?менÑ?ов. Ð?ока
+ ниÑ?его не извеÑ?Ñ?но о пÑ?иложениÑ?Ñ?, подвеÑ?женнÑ?Ñ? данной пÑ?облеме.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8779">CVE-2015-8779</a>
- - <p>The catopen function contains several unbound stack allocations
- - (stack overflows), causing it the crash the process (denial of
- - service). No applications where this issue has a security impact
- - are currently known.</p>
- -
- -<p>The following fixed vulnerabilities currently lack CVE assignment:</p>
- -
- - <p>Joseph Myers reported discovered that an integer overflow in the
- - strxfrm can lead to heap-based buffer overflow, possibly allowing
- - arbitrary code execution. In addition, a fallback path in strxfrm
- - uses an unbounded stack allocation (stack overflow), leading to a
- - crash or erroneous application behavior.</p>
- -
- - <p>Kostya Serebryany reported that the fnmatch function could skip
- - over the terminating NUL character of a malformed pattern, causing
- - an application calling fnmatch to crash (denial of service).</p>
- -
- - <p>Joseph Myers reported that the IO_wstr_overflow function,
- - internally used by wide-oriented character streams, suffered from
- - an integer overflow, leading to a heap-based buffer overflow. On
- - GNU/Linux systems, wide-oriented character streams are rarely
- - used, and no affected applications are known.</p>
- -
- - <p>Andreas Schwab reported a memory leak (memory allocation without a
- - matching deallocation) while processing certain DNS answers in
- - getaddrinfo, related to the _nss_dns_gethostbyname4_r function.
- - This vulnerability could lead to a denial of service.</p>
- -
- -<p>While it is only necessary to ensure that all processes are not using
- -the old eglibc anymore, it is recommended to reboot the machines after
- -applying the security upgrade.</p></li>
+ <p>ФÑ?нкÑ?иÑ? catopen Ñ?одеÑ?жиÑ? неÑ?колÑ?ко неогÑ?аниÑ?еннÑ?Ñ? вÑ?делений Ñ?Ñ?Ñ?ка
+ (пеÑ?еполнение Ñ?Ñ?Ñ?ка), Ñ?Ñ?о пÑ?иводиÑ? к аваÑ?ийной оÑ?Ñ?ановке пÑ?оÑ?еÑ?Ñ?а (оÑ?каз в
+ обÑ?лÑ?живании). Ð?ока ниÑ?его не извеÑ?Ñ?но о пÑ?иложениÑ?Ñ?, подвеÑ?женнÑ?Ñ?
+ данной пÑ?облеме.</p>
+
+<p>У Ñ?ледÑ?Ñ?Ñ?иÑ? Ñ?Ñ?звимоÑ?Ñ?ей пока оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ? иденÑ?иÑ?икаÑ?оÑ?Ñ? CVE:</p>
+
+ <p>Ð?жозеÑ? Ð?айеÑ? Ñ?ообÑ?ил, Ñ?Ñ?о пеÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в
+ strxfrm можеÑ? пÑ?иводиÑ?Ñ? к пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и, Ñ?Ñ?о веÑ?оÑ?Ñ?но
+ позволÑ?еÑ? вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код. Ð?Ñ?оме Ñ?ого, пеÑ?еÑ?од на аваÑ?ийнÑ?й Ñ?ежим
+ в strxfrm иÑ?полÑ?зÑ?еÑ? неогÑ?аниÑ?енное вÑ?деление Ñ?Ñ?Ñ?ка (пеÑ?еполнение Ñ?Ñ?Ñ?ка), Ñ?Ñ?о пÑ?иводиÑ?
+ к аваÑ?ийной оÑ?Ñ?ановке или некоÑ?Ñ?екÑ?номÑ? поведениÑ? пÑ?иложениÑ?.</p>
+
+ <p>Ð?оÑ?Ñ?Ñ? СеÑ?ебÑ?нÑ?й Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? fnmatch можеÑ? пÑ?опÑ?Ñ?Ñ?иÑ?Ñ?
+ завеÑ?Ñ?аÑ?Ñ?ий NUL-Ñ?имвол в некоÑ?Ñ?екÑ?ном Ñ?аблоне, Ñ?Ñ?о пÑ?иводиÑ?
+ к Ñ?омÑ?, Ñ?Ñ?о пÑ?иложение, вÑ?зÑ?ваÑ?Ñ?ее fnmatch, аваÑ?ийно оÑ?Ñ?анавливаеÑ?Ñ?Ñ? (оÑ?каз в обÑ?лÑ?живании).</p>
+
+ <p>Ð?жозеÑ? Ð?айеÑ? Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? IO_wstr_overflow,
+ внÑ?Ñ?Ñ?енне иÑ?полÑ?зÑ?емаÑ? Ñ?имволÑ?нÑ?ми поÑ?оками, Ñ?одеÑ?жиÑ?
+ пеÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел, Ñ?Ñ?о пÑ?иводиÑ? к пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и. Ð?
+ Ñ?иÑ?Ñ?емаÑ? GNU/Linux, Ñ?акие Ñ?имволÑ?нÑ?е поÑ?оки Ñ?едко
+ иÑ?полÑ?зÑ?Ñ?Ñ?Ñ?Ñ?, а подвеÑ?женнÑ?е Ñ?Ñ?ой Ñ?Ñ?звимоÑ?Ñ?и пÑ?иложениÑ? не извеÑ?Ñ?нÑ?.</p>
+
+ <p>Ð?ндÑ?еаÑ? Шваб Ñ?ообÑ?ил об Ñ?Ñ?еÑ?ке памÑ?Ñ?и (вÑ?деление памÑ?Ñ?и без
+ Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?Ñ?Ñ?его оÑ?вобождениÑ?) пÑ?и обÑ?абоÑ?ке опÑ?еделÑ?ннÑ?Ñ? оÑ?веÑ?ов DNS в
+ getaddrinfo, Ñ?вÑ?занной Ñ? _nss_dns_gethostbyname4_r Ñ?Ñ?нкÑ?ией.
+ Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании.</p>
+
+<p>ХоÑ?Ñ? Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ? лиÑ?Ñ? Ñ?бедиÑ?Ñ?Ñ?Ñ?, Ñ?Ñ?о ни один пÑ?оÑ?еÑ?Ñ? более не иÑ?полÑ?зÑ?еÑ?
+Ñ?Ñ?аÑ?Ñ?Ñ? библиоÑ?екÑ? eglibc, Ñ?екомендÑ?еÑ?Ñ?Ñ? пеÑ?езагÑ?Ñ?зиÑ?Ñ? маÑ?инÑ? поÑ?ле
+пÑ?именениÑ? данного обновление безопаÑ?ноÑ?Ñ?и.</p></li>
</ul>
- -<p>For the oldstable distribution (wheezy), these problems have been fixed
- -in version 2.13-38+deb7u10.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (wheezy) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 2.13-38+deb7u10.</p>
- -<p>We recommend that you upgrade your eglibc packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? eglibc.</p>
</define-tag>
# do not modify the following line
- --- english/security/2016/dsa-3481.wml 2016-02-16 19:49:12.000000000 +0500
+++ russian/security/2016/dsa-3481.wml 2016-02-16 22:25:49.658313068 +0500
@@ -1,56 +1,57 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been fixed in the GNU C Library, glibc. </p>
+<p>Ð? библиоÑ?еке GNU C, glibc, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
- -<p>The first vulnerability listed below is considered to have critical
- -impact.</p>
+<p>Ð?еÑ?ваÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ?, Ñ?казаннаÑ? ниже, Ñ?Ñ?иÑ?аеÑ?Ñ?Ñ?
+кÑ?иÑ?иÑ?еÑ?кой.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7547">CVE-2015-7547</a>
- - <p>The Google Security Team and Red Hat discovered that the glibc
- - host name resolver function, getaddrinfo, when processing
- - AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
- - internal buffers, leading to a stack-based buffer overflow and
- - arbitrary code execution. This vulnerability affects most
- - applications which perform host name resolution using getaddrinfo,
- - including system services.</p></li>
+ <p>ЧленÑ? Ð?омандÑ? безопаÑ?ноÑ?Ñ?и Google и Ñ?оÑ?Ñ?Ñ?дники Red Hat обнаÑ?Ñ?жили, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ?
+ Ñ?азÑ?еÑ?ениÑ? имÑ?н Ñ?злов eglibc, getaddrinfo, пÑ?и обÑ?абоÑ?ке
+ запÑ?оÑ?ов AF_UNSPEC (длÑ? двойного поиÑ?ка A/AAAA) можеÑ? непÑ?авилÑ?но иÑ?полÑ?зоваÑ?Ñ?
+ Ñ?вои внÑ?Ñ?Ñ?енние бÑ?Ñ?еÑ?Ñ?, Ñ?Ñ?о пÑ?иводиÑ? к пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а и
+ вÑ?полнениÑ? пÑ?оизволÑ?ного кода. Ð?аннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? каÑ?аеÑ?Ñ?Ñ? болÑ?Ñ?инÑ?Ñ?ва
+ пÑ?иложений, вÑ?полнÑ?Ñ?Ñ?иÑ? Ñ?азÑ?еÑ?ение имÑ?н Ñ?злов Ñ? помоÑ?Ñ?Ñ? getaddrinfo,
+ вклÑ?Ñ?аÑ? Ñ?иÑ?Ñ?емнÑ?е Ñ?лÑ?жбÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8776">CVE-2015-8776</a>
- - <p>Adam Nielsen discovered that if an invalid separated time value
- - is passed to strftime, the strftime function could crash or leak
- - information. Applications normally pass only valid time
- - information to strftime; no affected applications are known.</p></li>
+ <p>Ð?дам Ð?илÑ?Ñ?ен обнаÑ?Ñ?жил, Ñ?Ñ?о еÑ?ли непÑ?авилÑ?но Ñ?азделÑ?нное знаÑ?ение, обознаÑ?аÑ?Ñ?ее вÑ?емÑ?,
+ пеÑ?едаÑ?Ñ?Ñ?Ñ? strftime, Ñ?о Ñ?Ñ?нкÑ?иÑ? strftime можеÑ? аваÑ?ийно завеÑ?Ñ?иÑ?Ñ? Ñ?абоÑ?Ñ?, либо можеÑ? пÑ?оизойÑ?и
+ Ñ?Ñ?еÑ?ка инÑ?оÑ?маÑ?ии. Ð?Ñ?иложениÑ? обÑ?Ñ?но пеÑ?едаÑ?Ñ? Ñ?олÑ?ко коÑ?Ñ?екÑ?нÑ?Ñ? инÑ?оÑ?маÑ?иÑ?
+ о вÑ?емени Ñ?Ñ?нкÑ?ии strftime; подвеÑ?женнÑ?е данной пÑ?облеме пÑ?иложениÑ? не извеÑ?Ñ?нÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8778">CVE-2015-8778</a>
- - <p>Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r
- - functions did not check the size argument properly, leading to a
- - crash (denial of service) for certain arguments. No impacted
- - applications are known at this time.</p></li>
+ <p>СаболÑ?Ñ? Ð?аги Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?едко иÑ?полÑ?зÑ?емÑ?е Ñ?Ñ?нкÑ?ии hcreate и hcreate_r
+ непÑ?авилÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?овеÑ?кÑ? Ñ?азмеÑ?а аÑ?гÑ?менÑ?а, Ñ?Ñ?о пÑ?иводиÑ? к
+ аваÑ?ийной оÑ?Ñ?ановке (оÑ?каз в обÑ?лÑ?живании) в Ñ?лÑ?Ñ?ае иÑ?полÑ?зованиÑ? опÑ?еделÑ?ннÑ?Ñ? аÑ?гÑ?менÑ?ов. Ð?ока
+ ниÑ?его не извеÑ?Ñ?но о пÑ?иложениÑ?Ñ?, подвеÑ?женнÑ?Ñ? данной пÑ?облеме.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8779">CVE-2015-8779</a>
- - <p>The catopen function contains several unbound stack allocations
- - (stack overflows), causing it the crash the process (denial of
- - service). No applications where this issue has a security impact
- - are currently known.</p>
- -
- -<p>While it is only necessary to ensure that all processes are not using
- -the old glibc anymore, it is recommended to reboot the machines after
- -applying the security upgrade.</p></li>
+ <p>ФÑ?нкÑ?иÑ? catopen Ñ?одеÑ?жиÑ? неÑ?колÑ?ко неогÑ?аниÑ?еннÑ?Ñ? вÑ?делений Ñ?Ñ?Ñ?ка
+ (пеÑ?еполнение Ñ?Ñ?Ñ?ка), Ñ?Ñ?о пÑ?иводиÑ? к аваÑ?ийной оÑ?Ñ?ановке пÑ?оÑ?еÑ?Ñ?а (оÑ?каз в
+ обÑ?лÑ?живании). Ð?ока ниÑ?его не извеÑ?Ñ?но о пÑ?иложениÑ?Ñ?, подвеÑ?женнÑ?Ñ?
+ данной пÑ?облеме.</p>
+
+<p>ХоÑ?Ñ? Ñ?Ñ?ебÑ?еÑ?Ñ?Ñ? лиÑ?Ñ? Ñ?бедиÑ?Ñ?Ñ?Ñ?, Ñ?Ñ?о ни один пÑ?оÑ?еÑ?Ñ? более не иÑ?полÑ?зÑ?еÑ?
+Ñ?Ñ?аÑ?Ñ?Ñ? библиоÑ?екÑ? glibc, Ñ?екомендÑ?еÑ?Ñ?Ñ? пеÑ?езагÑ?Ñ?зиÑ?Ñ? маÑ?инÑ? поÑ?ле
+пÑ?именениÑ? данного обновление безопаÑ?ноÑ?Ñ?и.</p></li>
</ul>
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 2.19-18+deb8u3.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.19-18+deb8u3.</p>
- -<p>For the unstable distribution (sid), these problems will be fixed in
- -version 2.21-8.</p>
+<p>Ð? неÑ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (sid) Ñ?Ñ?и пÑ?облемÑ? бÑ?дÑ?Ñ? иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.21-8.</p>
- -<p>We recommend that you upgrade your glibc packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? glibc.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJWw1vsAAoJEF7nbuICFtKlaf8P/1cProOOpctRW2mw0z7ucdPQ
cjQL1IvqNArmo3JHGGKxcf65eHl44GNByBxbn5xYPPHh1BxEK+Darj4fTUNHoNx1
jz7Cs7BaEi0YNP13P5km5Fht/oOi05v+Y3L5veDVObVpVtSDU4w/O5ou2928zkC1
h8NluQ0SuN35t/BybpLdqPYhftLsJT9lX69g7RyO3ZhzEJdygOKcvxHJ/I17A77Y
GQ9HV8ng2pmGcVbA4HTs6oFP4tv67Mg/UVyJfTwukyqgNGT/VJ4UmFBSXr2MDyFi
9Bw3O0cWnkEKGtBKnGHZPPeZjcP3NF/7U++VYVbGSFbWbyTURaueAVF6abCnIgk7
YcSHSKg7Cev/rnQmnuYuJ6C5tHQOXFCA5/1dOlygXcsdNdRuHROkta9jetf8teIg
Kk5XBGZgo7R5lwi2ofriYe2/DDOXdWp3snA7LZ3r0Qnmrv90obbXVFZ/8kFbxWH5
hSGYJFdp70EPt32CxVhy0TNADA8PTk3fVxcmUSevJL0YYee5QEawGvNKIjMTZZPp
2HVQY1Ykl1uXKKXxnTdzDUBGnjjT/dcdl36dzKA0i1e2U5shSXMEPEKmuToFpibE
b5RrkG/IuvoOLwEHESbyZ5HqI3NX32nlH4+Cu5YWLu04t9c5FVdL2QWDFwPqvEUx
j+ABJDdGNADuIBCeL3vF
=xMm9
-----END PGP SIGNATURE-----
Reply to:
- Prev by Date:
[DONE] wml://security/2010/dsa-{1985,2086,1983,1968,2109,2026,2120,2118,2091,2022,2046}.wml
- Next by Date:
[DONE] wml://News/2000/2000{1213,1025,0211,1121,1115,0116,0523}.wml
- Previous by thread:
[DONE] wml://security/2010/dsa-{1985,2086,1983,1968,2109,2026,2120,2118,2091,2022,2046}.wml
- Next by thread:
[DONE] wml://News/2000/2000{1213,1025,0211,1121,1115,0116,0523}.wml
- Index(es):