
[DONE] wml://security/2016/dla-{402,392,406,423}.wml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dla-392.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-392.wml	2016-04-12 23:43:29.848537670 +0500
@@ -1,16 +1,17 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>High-Tech Bridge Security Research Lab discovered a path traversal
- -vulnerability in a popular webmail client Roundcube. Vulnerability can be
- -exploited to gain access to sensitive information and under certain
- -circumstances to execute arbitrary code and totally compromise the vulnerable
- -server.</p>
+<p>СоÑ?Ñ?Ñ?дники High-Tech Bridge Security Research Lab обнаÑ?Ñ?жили Ñ?Ñ?звимоÑ?Ñ?и, пÑ?оÑ?влÑ?Ñ?Ñ?Ñ?Ñ?Ñ?Ñ? в обÑ?оде
+пÑ?Ñ?и в попÑ?лÑ?Ñ?ном веб-клиенÑ?е Ñ?лекÑ?Ñ?онной поÑ?Ñ?Ñ? Roundcube. УÑ?звимоÑ?Ñ?Ñ? можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ?
+длÑ? полÑ?Ñ?ениÑ? доÑ?Ñ?Ñ?па к Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии, а пÑ?и некоÑ?оÑ?Ñ?Ñ? Ñ?Ñ?ловиÑ?Ñ? и длÑ?
+вÑ?полнениÑ? пÑ?оизволÑ?ного кода и полной компÑ?омеÑ?аÑ?ии Ñ?Ñ?звимого
+Ñ?еÑ?веÑ?а.</p>
 
- -<p>The vulnerability exists due to insufficient sanitization of <q>_skin</q> HTTP POST
- -parameter in "/index.php" script when changing between different skins of the
- -web application. A remote authenticated attacker can use path traversal
- -sequences (e.g. "../../") to load a new skin from arbitrary location on the
- -system, readable by the webserver.</p>
+<p>УказаннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? имееÑ? меÑ?Ñ?о из-за недоÑ?Ñ?аÑ?оÑ?ной оÑ?иÑ?Ñ?ки паÑ?амеÑ?Ñ?а HTTP POST <q>_skin</q>
+в Ñ?Ñ?енаÑ?ии "/index.php" пÑ?и вÑ?полнении изменениÑ? оÑ?оÑ?млениÑ?
+веб-пÑ?иложениÑ?. УдалÑ?ннÑ?й аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? поÑ?ледоваÑ?елÑ?ноÑ?Ñ?и
+обÑ?ода пÑ?Ñ?и (напÑ?. "../../") длÑ? загÑ?Ñ?зки новой Ñ?емÑ? оÑ?оÑ?млениÑ? из пÑ?оизволÑ?ного меÑ?Ñ?а в
+Ñ?иÑ?Ñ?еме, в коÑ?оÑ?омÑ? веб-Ñ?еÑ?веÑ? имееÑ? доÑ?Ñ?Ñ?п Ñ? пÑ?авами длÑ? Ñ?Ñ?ениÑ?.</p>
 </define-tag>
 
 # do not modify the following line
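Review bot: In the first added paragraph of dla-392.wml the object of "обнаружили" is written with an "-и" ending ("уязвимости"), but the English source has the singular "a path traversal vulnerability" and the next translated sentence continues in the singular ("Уязвимость может ..."). Suggest "уязвимость" so the noun agrees with the participle that follows it and with the rest of the paragraph.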
- --- english/security/2016/dla-402.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-402.wml	2016-04-12 23:39:10.552118139 +0500
@@ -1,13 +1,14 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Two security flaws have been found and solved in libtiff, library that provides
- -support for handling Tag Image File Format (TIFF). These flaws concern out of
- -bounds reads in the TIFFRGBAImage interface, when parsing unsupported values
- -related to LogLUV and CIELab. <a href="https://security-tracker.debian.org/tracker/CVE-2015-8665";>CVE-2015-8665</a> was reported by limingxing and
- -<a href="https://security-tracker.debian.org/tracker/CVE-2015-8683";>CVE-2015-8683</a> by zzf of Alibaba.</p>
+<p>Ð? libtiff, библиоÑ?еке, пÑ?едоÑ?Ñ?авлÑ?Ñ?Ñ?ей поддеÑ?жкÑ? обÑ?абоÑ?ки изобÑ?ажений в Ñ?оÑ?маÑ?е
+TIFF, бÑ?ли обнаÑ?Ñ?женÑ? и иÑ?пÑ?авленÑ? две Ñ?Ñ?звимоÑ?Ñ?и. ЭÑ?и Ñ?Ñ?звимоÑ?Ñ?и каÑ?аÑ?Ñ?Ñ?Ñ? Ñ?Ñ?ениÑ? за пÑ?еделами
+вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и в инÑ?еÑ?Ñ?ейÑ?е TIFFRGBAImage пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а неподдеÑ?живаемÑ?Ñ? знаÑ?ений,
+Ñ?вÑ?заннÑ?Ñ? Ñ? LogLUV и CIELab. Ð?б <a href="https://security-tracker.debian.org/tracker/CVE-2015-8665";>CVE-2015-8665</a> Ñ?ообÑ?ил limingxing, а
+об <a href="https://security-tracker.debian.org/tracker/CVE-2015-8683";>CVE-2015-8683</a> Ñ?ообÑ?ил zzf из Alibaba.</p>
 
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in tiff version
- -3.9.4-5+squeeze13. We recommend you to upgrade your tiff packages.</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в tiff веÑ?Ñ?ии
+3.9.4-5+squeeze13. РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? tiff.</p>
 </define-tag>
 
 # do not modify the following line
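Review bot: The first added paragraph of dla-402.wml drops the expansion "Tag Image File Format" that the English text gives before "(TIFF)"; only the abbreviation "TIFF" is left. If that is not deliberate, keep the full name with the abbreviation in parentheses as in the original. The added line containing "TIFFRGBAImage" is also noticeably longer than its neighbours and could be rewrapped to match the rest of the file.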
- --- english/security/2016/dla-406.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-406.wml	2016-04-12 23:46:07.171320045 +0500
@@ -1,21 +1,22 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Several flaws were discovered in the CSRF authentication code of
- -phpMyAdmin.</p>
+<p>Ð? коде CSRF-аÑ?Ñ?енÑ?иÑ?икаÑ?ии phpMyAdmin бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2039";>CVE-2016-2039</a>
 
- -    <p>The XSRF/CSRF token is generated with a weak algorithm using
- -    functions that do not return cryptographically secure values.</p></li>
+    <p>Токен XSRF/CSRF Ñ?оздаÑ?Ñ?Ñ?Ñ? пÑ?и помоÑ?и Ñ?лабого алгоÑ?иÑ?ма, иÑ?полÑ?зÑ?Ñ?
+    Ñ?Ñ?нкÑ?ии, коÑ?оÑ?Ñ?е не возвÑ?аÑ?аÑ?Ñ? кÑ?ипÑ?огÑ?аÑ?иÑ?еÑ?ки безопаÑ?нÑ?Ñ? знаÑ?ений.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2041";>CVE-2016-2041</a>
 
- -    <p>The comparison of the XSRF/CSRF token parameter with the value saved
- -    in the session is vulnerable to timing attacks. Moreover, the
- -    comparison could be bypassed if the XSRF/CSRF token matches a
- -    particular pattern.</p></li>
+    <p>СÑ?авнение паÑ?амеÑ?Ñ?а Ñ?окена XSRF/CSRF Ñ?о знаÑ?ением, Ñ?оÑ?Ñ?анÑ?ннÑ?м в
+    Ñ?еÑ?Ñ?ии, Ñ?Ñ?звимо к аÑ?акам по Ñ?аймингÑ?. Ð?олее Ñ?ого, Ñ?Ñ?авнение
+    можено обойÑ?и в Ñ?лÑ?Ñ?ае, еÑ?ли Ñ?окен XSRF/CSRF Ñ?овпадаеÑ? Ñ?
+    опÑ?еделÑ?ннÑ?м Ñ?аблоном.</p></li>
 
 </ul>
 </define-tag>
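Review bot: Typo in the CVE-2016-2041 item of dla-406.wml: "можено" in the third added line should be "можно", matching the English "the comparison could be bypassed".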
- --- english/security/2016/dla-423.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-423.wml	2016-04-12 23:51:04.085618048 +0500
@@ -1,21 +1,22 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8629";>CVE-2015-8629</a>
 
- -    <p>It was discovered that an authenticated attacker can cause kadmind
- -    to read beyond the end of allocated memory by sending a string
- -    without a terminating zero byte. Information leakage may be possible
- -    for an attacker with permission to modify the database.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?й злоÑ?мÑ?Ñ?ленник пÑ?Ñ?Ñ?м оÑ?пÑ?авки Ñ?Ñ?Ñ?оки, не Ñ?одеÑ?жаÑ?ей
+    завеÑ?Ñ?аÑ?Ñ?ий нÑ?левой байÑ?, можеÑ? вÑ?зваÑ?Ñ? Ñ?иÑ?Ñ?аÑ?иÑ?, пÑ?и коÑ?оÑ?ой kadmind вÑ?полнÑ?еÑ? Ñ?Ñ?ение за
+    пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и. Ð?лоÑ?мÑ?Ñ?ленник Ñ? пÑ?авом на изменение базÑ?
+    даннÑ?Ñ? можеÑ? вÑ?зваÑ?Ñ? Ñ?Ñ?еÑ?кÑ? инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8631";>CVE-2015-8631</a>
 
- -    <p>It was discovered that an authenticated attacker can cause kadmind
- -    to leak memory by supplying a null principal name in a request which
- -    uses one. Repeating these requests will eventually cause kadmind to
- -    exhaust all available memory.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?й злоÑ?мÑ?Ñ?ленник пÑ?Ñ?Ñ?м пеÑ?едаÑ?и пÑ?Ñ?Ñ?ого
+    главного имени в запÑ?оÑ?е, иÑ?полÑ?зÑ?Ñ?Ñ?ем Ñ?акое имÑ?, можеÑ? вÑ?зваÑ?Ñ? Ñ?Ñ?еÑ?кÑ? памÑ?Ñ?и
+    в kadmind. Ð?овÑ?оÑ?нÑ?е оÑ?пÑ?авки Ñ?акого запÑ?оÑ?а пÑ?иведÑ?Ñ? к Ñ?омÑ?, Ñ?Ñ?о kadmind
+    иÑ?полÑ?зÑ?еÑ? вÑ?Ñ? доÑ?Ñ?Ñ?пнÑ?Ñ? памÑ?Ñ?Ñ?.</p></li>
 
 </ul>
 </define-tag>
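Review bot: In the CVE-2015-8631 item of dla-423.wml, "null principal name" is rendered as "главного имени", which reads as "main name". In the context of kadmind, "principal" is the Kerberos term for an identity in the database, not an adjective, so a wording built on "имя принципала" (or "имя учётной записи", if that is the team's glossary choice) would keep the technical meaning of the original.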

