[DONE] wml://{security/2016/dla-444.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dla-444.wml 2016-04-09 11:29:07.569044973 +0500
+++ russian/security/2016/dla-444.wml 2016-04-14 00:31:09.930182345 +0500
@@ -1,39 +1,40 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-2305">CVE-2015-2305</a>
- - <p>Integer overflow in the regcomp implementation in the Henry
- - Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
- - 32-bit platforms, as used in NetBSD through 6.1.5 and other
- - products, might allow context-dependent attackers to execute
- - arbitrary code via a large regular expression that leads to
- - a heap-based buffer overflow.</p></li>
+ <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?еализаÑ?ии regcomp в библиоÑ?еке Ñ?егÑ?лÑ?Ñ?нÑ?Ñ?
+ вÑ?Ñ?ажений Henry Spencer BSD (извеÑ?Ñ?ной Ñ?акже как rxspencer) веÑ?Ñ?ии alpha3.8.g5 на
+ 32-биÑ?нÑ?Ñ? плаÑ?Ñ?оÑ?маÑ?, иÑ?полÑ?зÑ?емой в NetBSD по веÑ?Ñ?иÑ? 6.1.5, а Ñ?акже в дÑ?Ñ?гиÑ?
+ пÑ?одÑ?кÑ?аÑ? можеÑ? в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а позволиÑ?Ñ? злоÑ?мÑ?Ñ?ленникам вÑ?полниÑ?Ñ?
+ пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? Ñ?лиÑ?ком болÑ?Ñ?ого Ñ?егÑ?лÑ?Ñ?ного вÑ?Ñ?ажениÑ?, пÑ?иводÑ?Ñ?его к
+ пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-2348">CVE-2015-2348</a>
- - <p>The move_uploaded_file implementation in
- - ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x
- - before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon
- - encountering a \x00 character, which allows remote attackers to
- - bypass intended extension restrictions and create files with
- - unexpected names via a crafted second argument.</p>
- - <p><b>Note</b>: this vulnerability exists because of an incomplete fix for
+ <p>РеализаÑ?иÑ? move_uploaded_file в
+ ext/standard/basic_functions.c в PHP до веÑ?Ñ?ии 5.4.39, в веÑ?ке 5.5.x
+ до веÑ?Ñ?ии 5.5.23 и в веÑ?ке 5.6.x до веÑ?Ñ?ии 5.6.7 обÑ?езаеÑ? пÑ?Ñ?Ñ? до
+ Ñ?имвола \x00, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+ обÑ?одиÑ?Ñ? огÑ?аниÑ?ениÑ? Ñ?аÑ?Ñ?иÑ?ений и Ñ?оздаваÑ?Ñ? Ñ?айлÑ? Ñ?
+ неожиданнÑ?ми именами пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного вÑ?оÑ?ого аÑ?гÑ?менÑ?а.</p>
+ <p><b>Ð?нимание</b>: Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? имееÑ? меÑ?Ñ?о из-за неполного иÑ?пÑ?авлениÑ?
<a href="https://security-tracker.debian.org/tracker/CVE-2006-7243">CVE-2006-7243</a>.</p></li>
- -<li>CVE-2016-tmp, Bug #71039
- - <p>exec functions ignore length but look for NULL termination</p></li>
- -<li>CVE-2016-tmp, Bug #71089
- - <p>No check to duplicate zend_extension</p></li>
- -<li>CVE-2016-tmp, Bug #71201
- - <p>round() segfault on 64-bit builds</p></li>
- -<li>CVE-2016-tmp, Bug #71459
- - <p>Integer overflow in iptcembed()</p></li>
- -<li>CVE-2016-tmp, Bug #71354
- - <p>Heap corruption in tar/zip/phar parser</p></li>
- -<li>CVE-2016-tmp, Bug #71391
- - <p>NULL Pointer Dereference in phar_tar_setupmetadata()</p></li>
- -<li>CVE-2016-tmp, Bug #70979
- - <p>Crash on bad SOAP request</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71039
+ <p>ФÑ?нкÑ?ии exec игноÑ?иÑ?Ñ?Ñ?Ñ? длинÑ?, но Ñ?ледÑ?Ñ? за завеÑ?Ñ?ением NULL-Ñ?казаÑ?елÑ?</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71089
+ <p>Ð?Ñ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пÑ?овеÑ?ка дÑ?бликаÑ?а zend_extension</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71201
+ <p>round() пÑ?иводиÑ? к оÑ?ибке Ñ?егменÑ?иÑ?ованиÑ? на Ñ?боÑ?каÑ? под 64-биÑ?</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71459
+ <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в iptcembed()</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71354
+ <p>Ð?овÑ?еждение Ñ?одеÑ?жимого динамиÑ?еÑ?кой памÑ?Ñ?и в коде длÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а tar/zip/phar</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71391
+ <p>РазÑ?менование NULL-Ñ?казаÑ?елÑ? в phar_tar_setupmetadata()</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #70979
+ <p>Ð?ваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?и плоÑ?ом SOAP-запÑ?оÑ?е</p></li>
</ul>
</define-tag>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXDp6BAAoJEF7nbuICFtKlGp0QAJzvkAjmPliPm13kD5sjAsvL
0RC8KvGLtfzwVm488ieJCAF7uvdj+KSjilBqGPRZVWnYuvgCr8E7OUrE3zdsm6to
ImazpqmbB0MXARr0C7jxN8q8ofijFpk9GvDKnHaxMtwuKqrB4pN0HBcSr+/PHlsD
jQ6waAfALDIaLk0b2blN5cfv5c/NC+FrDzYp4IDYE+WmQr+KDb7iz950UhqPqTfO
xUkyqL9tYf4N5gTtZ5YpaDD/RwDSvOmZTOEzCaTJ0znT4MgujoWxApefDGZJ2BMf
krquqQGZ3nxYRzaQIBbrfYyWavn/Sns5Fw4PMNta9Ax2ZHlEb+V785fnmixz1d5v
U87gnpRTfpIDQHHnXFckh6OCZhNJPjlgtL6+ADSgKXNRrBv+qqF5ekmXT0vBUzLt
Hye4xlGx2B3bQCkn6a4h2wYJgSTTc8+wvW20/YP1rPmVmbNlTirhWC9TM+KYqh2b
nFr9rO2tx2D7QRfSUe4ySKG+udW/0EtHXvUJ9c7MmzMzXQRd4vsqa5AcYYVZ1KwY
2fOHFDbBqj7b3wKhpb5E3HHP347Jt3kEMHmOSGXAcgLO6g/9lXN4DM6C6OMIlVHa
5Tw/58bvTwWXPqq360jIPSfpRXSxbnJcE8+oOQK/hqa3c/BJEPhwJmV16DydzEh2
hw05FY8D3UDy2dcl8F+p
=pTXq
-----END PGP SIGNATURE-----
Reply to: