[DONE] wml://security/2016/dla-{379,411,442}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dla-379.wml 2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-379.wml 2016-04-13 23:24:05.881378974 +0500
@@ -1,34 +1,35 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities were found in Samba, a SMB/CIFS implementation
- -that provides a file, print, and login server.</p>
+<p>Ð? Samba, Ñ?еализаÑ?ии SMB/CIFS, пÑ?едоÑ?Ñ?авлÑ?Ñ?Ñ?ей Ñ?лÑ?жбÑ? Ñ?айлового Ñ?еÑ?веÑ?а, Ñ?еÑ?веÑ?а пеÑ?аÑ?и
+и аÑ?Ñ?енÑ?иÑ?икаÑ?ии, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5252";>CVE-2015-5252</a>
- - <p>Jan <q>Yenya</q> Kasprzak and the Computer Systems Unit team at Faculty
- - of Informatics, Masaryk University, reported that samba wrongly
- - verified symlinks, making it possible to access resources outside
- - the shared path, under certain circumstances.</p></li>
+ <p>Ян <q>Yenya</q> Ð?аÑ?пÑ?жак и команда Computer Systems Unit из Ñ?акÑ?лÑ?Ñ?еÑ?а
+ инÑ?оÑ?маÑ?ики Ð?аÑ?аÑ?икова Ñ?нивеÑ?Ñ?иÑ?еÑ?а Ñ?ообÑ?или, Ñ?Ñ?о samba непÑ?авилÑ?но
+ вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?имволÑ?нÑ?Ñ? Ñ?Ñ?Ñ?лок, Ñ?Ñ?о позволÑ?еÑ? пÑ?и опÑ?еделÑ?ннÑ?Ñ? Ñ?Ñ?ловиÑ?Ñ?
+ полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к Ñ?еÑ?Ñ?Ñ?Ñ?ам за пÑ?еделами пÑ?Ñ?и обÑ?его доÑ?Ñ?Ñ?па.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5296";>CVE-2015-5296</a>
- - <p>Stefan Metzmacher of SerNet and the Samba Team discovered that samba
- - did not ensure that signing was negotiated when a client established
- - an encrypted connection against a samba server.</p></li>
+ <p>ШÑ?еÑ?ан Ð?еÑ?маÑ?еÑ? из SerNet и команда Samba обнаÑ?Ñ?жили, Ñ?Ñ?о samba
+ не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? Ñ?оглаÑ?ованиÑ? подпиÑ?ей, когда клиенÑ? Ñ?Ñ?Ñ?анавливаеÑ?
+ заÑ?иÑ?Ñ?ованное Ñ?оединение Ñ? Ñ?еÑ?веÑ?ом samba.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5299";>CVE-2015-5299</a>
- - <p>Samba was vulnerable to a missing access control check in the
- - VFS shadow_copy2 module, that could allow unauthorized users to
- - access snapshots.</p></li>
+ <p>Ð? Samba оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пÑ?овеÑ?ка Ñ?пÑ?авлениÑ? доÑ?Ñ?Ñ?пом в модÑ?ле
+ VFS shadow_copy2, Ñ?Ñ?о можеÑ? позволиÑ?Ñ? неавÑ?оÑ?изованнÑ?м полÑ?зоваÑ?елÑ?м
+ полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к Ñ?Ñ?езам.</p></li>
</ul>
- -<p>For Debian 6 <q>Squeeze</q>, this issue has been fixed in samba version
- -2:3.5.6~dfsg-3squeeze13. We recommend you to upgrade your samba
- -packages.</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?а пÑ?облема бÑ?ла иÑ?пÑ?авлена в samba веÑ?Ñ?ии
+2:3.5.6~dfsg-3squeeze13. РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ?
+samba.</p>
</define-tag>
# do not modify the following line
- --- english/security/2016/dla-411.wml 2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-411.wml 2016-04-13 23:47:17.359613544 +0500
@@ -1,37 +1,38 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been fixed in the Debian GNU C Library,
- -eglibc:</p>
+<p>Ð? eglibc, библиоÑ?еке GNU C длÑ? Debian бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9761";>CVE-2014-9761</a>
- - <p>The math's nan* function wrongly handled payload strings, yielding
- - to an unbounded stack allocation based on the length of the
- - arguments. To solve this issue, payload parsing has been refactored
- - out of strtod into a separate functions that nan* can call directly.</p></li>
+ <p>ФÑ?нкÑ?иÑ? nan* из math непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? инÑ?оÑ?маÑ?ионнÑ?е Ñ?Ñ?Ñ?оки, Ñ?Ñ?о пÑ?иводиÑ?
+ к вÑ?делениÑ? неогÑ?аниÑ?енного Ñ?Ñ?ека на оÑ?нове длинÑ?
+ аÑ?гÑ?менÑ?ов. Ð?лÑ? Ñ?еÑ?ениÑ? Ñ?Ñ?ой пÑ?облемÑ? гÑ?аммаÑ?иÑ?еÑ?кий Ñ?азбоÑ? полезнÑ?Ñ? даннÑ?Ñ? бÑ?л вÑ?делен
+ из strtod в оÑ?делÑ?нÑ?е Ñ?Ñ?нкÑ?ии, коÑ?оÑ?Ñ?е nan* можеÑ? вÑ?зÑ?ваÑ?Ñ? напÑ?Ñ?мÑ?Ñ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8776";>CVE-2015-8776</a>
- - <p>The strftime() function made it possible to access invalid memory,
- - allowing to segfault the calling application.</p></li>
+ <p>ФÑ?нкÑ?иÑ? strftime() позволÑ?еÑ? полÑ?Ñ?аÑ?Ñ? доÑ?Ñ?Ñ?п к непÑ?авилÑ?ной облаÑ?Ñ?и памÑ?Ñ?и,
+ Ñ?Ñ?о позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?ибкÑ? Ñ?егменÑ?иÑ?ованиÑ? в вÑ?зÑ?ваÑ?Ñ?ем Ñ?Ñ?Ñ? Ñ?Ñ?нкÑ?иÑ? пÑ?иложении.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8778";>CVE-2015-8778</a>
- - <p>hcreate() was susceptible to an integer overflow, that may results
- - in out-of-bounds heap accesses.</p></li>
+ <p>ФÑ?нкÑ?иÑ? hcreate() возможно Ñ?одеÑ?жиÑ? пеÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел, коÑ?оÑ?ое можеÑ? пÑ?иводиÑ?Ñ?
+ к обÑ?аÑ?ениÑ? к облаÑ?Ñ?Ñ?м динамиÑ?еÑ?кой памÑ?Ñ?и за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8779";>CVE-2015-8779</a>
- - <p>The catopen() function suffered from multiple unbounded stack
- - allocations.</p></li>
+ <p>ФÑ?нкÑ?иÑ? catopen() Ñ?одеÑ?жиÑ? многоÑ?иÑ?леннÑ?е вÑ?делениÑ? неогÑ?аниÑ?енного
+ Ñ?Ñ?ека.</p></li>
</ul>
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in eglibc version
- -eglibc_2.11.3-4+deb6u9. We recommend you to upgrade your eglibc
- -packages.</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в eglibc веÑ?Ñ?ии
+eglibc_2.11.3-4+deb6u9. РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ?
+eglibc.</p>
</define-tag>
# do not modify the following line
- --- english/security/2016/dla-442.wml 2016-04-08 01:54:45.000000000 +0500
+++ russian/security/2016/dla-442.wml 2016-04-13 23:56:59.297013559 +0500
@@ -1,32 +1,33 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-6441";>CVE-2013-6441</a>
- - <p>The template script lxc-sshd used to mount itself as /sbin/init in the
- - container using a writable bind-mount.</p>
+ <p>Шаблон Ñ?Ñ?енаÑ?иÑ? lxc-sshd иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? длÑ? монÑ?иÑ?ованиÑ? его в каÑ?еÑ?Ñ?ве /sbin/init в
+ конÑ?ейнеÑ?е, иÑ?полÑ?зÑ?Ñ? монÑ?иÑ?ованиÑ? Ñ? опÑ?ией bind и возможноÑ?Ñ?Ñ?Ñ? пеÑ?езапиÑ?и.</p>
- - <p>This update resolved the above issue by using a read-only bind-mount
- - instead preventing any form of potentially accidental damage.</p></li>
+ <p>Ð?анное обновление Ñ?еÑ?аеÑ? Ñ?казаннÑ?Ñ? вÑ?Ñ?е пÑ?облемÑ?, иÑ?полÑ?зÑ?Ñ? монÑ?иÑ?ованиÑ? Ñ? опÑ?ией bind
+ и без возможноÑ?Ñ?и запиÑ?и, Ñ?Ñ?о пÑ?едоÑ?вÑ?аÑ?аеÑ? лÑ?бое поÑ?енÑ?иалÑ?ное ненамеÑ?енное повÑ?еждение даннÑ?Ñ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1335";>CVE-2015-1335</a>
- - <p>On container startup, lxc sets up the container's initial file system
- - tree by doing a bunch of mounting, guided by the container's configuration
- - file.</p>
- -
- - <p>The container config is owned by the admin or user on the host, so we
- - do not try to guard against bad entries. However, since the mount
- - target is in the container, it's possible that the container admin
- - could divert the mount with symbolic links. This could bypass proper
- - container startup (i.e. confinement of a root-owned container by the
- - restrictive apparmor policy, by diverting the required write to
- - /proc/self/attr/current), or bypass the (path-based) apparmor policy
- - by diverting, say, /proc to /mnt in the container.</p>
+ <p>Ð?Ñ?и запÑ?Ñ?ке конÑ?ейнеÑ?а lxc Ñ?Ñ?Ñ?анавливаеÑ? изнаÑ?алÑ?ное деÑ?ево Ñ?айловой Ñ?иÑ?Ñ?емÑ?
+ конÑ?ейнеÑ?а, вÑ?полнÑ?Ñ? неÑ?колÑ?ко Ñ?аз монÑ?иÑ?ование, коÑ?оÑ?ое оÑ?Ñ?Ñ?еÑ?Ñ?влÑ?еÑ?Ñ?Ñ? в Ñ?ооÑ?веÑ?Ñ?вии Ñ? Ñ?айлом
+ наÑ?Ñ?Ñ?ойки конÑ?ейнеÑ?а.</p>
+
+ <p>Ð?ладелÑ?Ñ?ем Ñ?айла наÑ?Ñ?Ñ?ойки конÑ?ейнеÑ?а Ñ?влÑ?еÑ?Ñ?Ñ? админиÑ?Ñ?Ñ?аÑ?оÑ? или полÑ?зоваÑ?елÑ? Ñ?зла, поÑ?Ñ?омÑ?
+ заÑ?иÑ?а оÑ? плоÑ?иÑ? запиÑ?ей в нÑ?м оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ?. Тем не менее, поÑ?колÑ?кÑ? Ñ?елÑ? монÑ?иÑ?ованиÑ?
+ наÑ?одиÑ?Ñ?Ñ? в конÑ?ейнеÑ?е, поÑ?Ñ?олÑ?кÑ? возможно, Ñ?Ñ?о админиÑ?Ñ?Ñ?аÑ?оÑ? конÑ?ейнеÑ?а
+ изменил монÑ?иÑ?ование Ñ? помоÑ?Ñ?Ñ? Ñ?имволÑ?нÑ?Ñ? Ñ?Ñ?Ñ?лок. ÐÑ?о можеÑ? позволиÑ?Ñ? обойÑ?и наÑ?Ñ?Ñ?ойки конÑ?ейнеÑ?а
+ пÑ?и его запÑ?Ñ?ке (Ñ?о еÑ?Ñ?Ñ?, изолÑ?Ñ?иÑ? конÑ?ейнеÑ?а, владелÑ?Ñ?ем коÑ?оÑ?ого Ñ?влÑ?еÑ?Ñ?Ñ? Ñ?Ñ?пеÑ?полÑ?зоваÑ?елÑ?,
+ Ñ? помоÑ?Ñ?Ñ? огÑ?аниÑ?иваÑ?Ñ?его пÑ?авила apparmor, пÑ?Ñ?Ñ?м изменениÑ? Ñ?Ñ?ебÑ?емой запиÑ?и в
+ /proc/self/attr/current), либо обойÑ?и пÑ?авило apparmor (на оÑ?нове пÑ?Ñ?и)
+ пÑ?Ñ?Ñ?м изменениÑ? в конÑ?ейнеÑ?е, напÑ?имеÑ?, /proc на /mnt.</p>
- - <p>This update implements a safe_mount() function that prevents lxc from
- - doing mounts onto symbolic links.</p></li>
+ <p>Ð?анное обновление Ñ?еализÑ?еÑ? Ñ?Ñ?нкÑ?иÑ? safe_mount(), коÑ?оÑ?аÑ? не позволÑ?еÑ? lxc
+ вÑ?полнÑ?Ñ?Ñ? монÑ?иÑ?ование в Ñ?имволÑ?нÑ?е Ñ?Ñ?Ñ?лки.</p></li>
</ul>
</define-tag>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXDpZ+AAoJEF7nbuICFtKlcooP/Rzvtx9HrUcsHRK1pL0iCX8B
E9abI7gEbkc+X06EO4xoC4dZmy9yeSOQia7Wa0tsuLl8KkvIizCX0IeHLrZZ8xU7
d6DQksYrpqK9HN17zzVhcIclvV1+b16A2WhF86v4CrHS/ocNNQFzgBOwZfQP6O+l
Kp+LqkzAh4LR5nfoLve33EentQ71BtJXaRU5X5Fa5iE3vHgQ2ySLVFmwYJS7D17i
nHvRLg9i9xu2llH9/Oe7xblRIM/QPbU2xOErXpv9hgNyUaFhvMVShKUvX2WDu27W
PE9O7b204I6TCDpmlXPUU6E0SoYnFS0FRllsN+EsAnHOyP1sd1TkPMkShbxV1NBW
o16nqDA9A6QIok64MT6rIe4AemEkxGnz1XttIXpu73ZtizJDwddOKk5lxNOY+mD0
a+i2A5tPmw7ATf37CrJeXFfzS7JalYCeUdmXqtzavzeDLJrR9riDrI0AlxxbQvby
6OqkSvHJr70jdS6gH7yTbwy+SDbEb+ONgukLOTmRX2cD1AohZrLlGpydFVesqTkR
nkmrUhiJ5ZyxEYSpdh6tAuAoiEGWt2XYVMmuoYLCkHuvILnVjp6iZ+QocukTwPv8
CWlUQkTb35p+2h3mEDbjGHc64az1HhMiBAnI9EAouVPa7OWsIZub/T+QtN3qtlVt
WTt2GajaQTyaxo1bpadh
=CRVb
-----END PGP SIGNATURE-----
Reply to: