[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2016/dla-444.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dla-444.wml	2016-04-09 11:29:07.569044973 +0500
+++ russian/security/2016/dla-444.wml	2016-04-14 00:31:09.930182345 +0500
@@ -1,39 +1,40 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-2305";>CVE-2015-2305</a>
 
- -   <p>Integer overflow in the regcomp implementation in the Henry
- -   Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
- -   32-bit platforms, as used in NetBSD through 6.1.5 and other
- -   products, might allow context-dependent attackers to execute
- -   arbitrary code via a large regular expression that leads to
- -   a heap-based buffer overflow.</p></li>
+   <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?еализаÑ?ии regcomp в библиоÑ?еке Ñ?егÑ?лÑ?Ñ?нÑ?Ñ?
+   вÑ?Ñ?ажений Henry Spencer BSD (извеÑ?Ñ?ной Ñ?акже как rxspencer) веÑ?Ñ?ии alpha3.8.g5 на
+   32-биÑ?нÑ?Ñ? плаÑ?Ñ?оÑ?маÑ?, иÑ?полÑ?зÑ?емой в NetBSD по веÑ?Ñ?иÑ? 6.1.5, а Ñ?акже в дÑ?Ñ?гиÑ?
+   пÑ?одÑ?кÑ?аÑ? можеÑ? в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а позволиÑ?Ñ? злоÑ?мÑ?Ñ?ленникам вÑ?полниÑ?Ñ?
+   пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? Ñ?лиÑ?ком болÑ?Ñ?ого Ñ?егÑ?лÑ?Ñ?ного вÑ?Ñ?ажениÑ?, пÑ?иводÑ?Ñ?его к
+   пеÑ?еполнениÑ? динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-2348";>CVE-2015-2348</a>
- -   <p>The move_uploaded_file implementation in
- -   ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x
- -   before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon
- -   encountering a \x00 character, which allows remote attackers to
- -   bypass intended extension restrictions and create files with
- -   unexpected names via a crafted second argument.</p>
- -   <p><b>Note</b>: this vulnerability exists because of an incomplete fix for
+   <p>РеализаÑ?иÑ? move_uploaded_file в
+   ext/standard/basic_functions.c в PHP до веÑ?Ñ?ии 5.4.39, в веÑ?ке 5.5.x
+   до веÑ?Ñ?ии 5.5.23 и в веÑ?ке 5.6.x до веÑ?Ñ?ии 5.6.7 обÑ?езаеÑ? пÑ?Ñ?Ñ? до
+   Ñ?имвола \x00, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+   обÑ?одиÑ?Ñ? огÑ?аниÑ?ениÑ? Ñ?аÑ?Ñ?иÑ?ений и Ñ?оздаваÑ?Ñ? Ñ?айлÑ? Ñ?
+   неожиданнÑ?ми именами пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного вÑ?оÑ?ого аÑ?гÑ?менÑ?а.</p>
+   <p><b>Ð?нимание</b>: Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? имееÑ? меÑ?Ñ?о из-за неполного иÑ?пÑ?авлениÑ?
          <a href="https://security-tracker.debian.org/tracker/CVE-2006-7243";>CVE-2006-7243</a>.</p></li>
- -<li>CVE-2016-tmp, Bug #71039
- -   <p>exec functions ignore length but look for NULL termination</p></li>
- -<li>CVE-2016-tmp, Bug #71089
- -   <p>No check to duplicate zend_extension</p></li>
- -<li>CVE-2016-tmp, Bug #71201
- -   <p>round() segfault on 64-bit builds</p></li>
- -<li>CVE-2016-tmp, Bug #71459
- -   <p>Integer overflow in iptcembed()</p></li>
- -<li>CVE-2016-tmp, Bug #71354
- -   <p>Heap corruption in tar/zip/phar parser</p></li>
- -<li>CVE-2016-tmp, Bug #71391
- -   <p>NULL Pointer Dereference in phar_tar_setupmetadata()</p></li>
- -<li>CVE-2016-tmp, Bug #70979
- -   <p>Crash on bad SOAP request</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71039
+   <p>ФÑ?нкÑ?ии exec игноÑ?иÑ?Ñ?Ñ?Ñ? длинÑ?, но Ñ?ледÑ?Ñ? за завеÑ?Ñ?ением NULL-Ñ?казаÑ?елÑ?</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71089
+   <p>Ð?Ñ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?еÑ? пÑ?овеÑ?ка дÑ?бликаÑ?а zend_extension</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71201
+   <p>round() пÑ?иводиÑ? к оÑ?ибке Ñ?егменÑ?иÑ?ованиÑ? на Ñ?боÑ?каÑ? под 64-биÑ?</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71459
+   <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в iptcembed()</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71354
+   <p>Ð?овÑ?еждение Ñ?одеÑ?жимого динамиÑ?еÑ?кой памÑ?Ñ?и в коде длÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а tar/zip/phar</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #71391
+   <p>РазÑ?менование NULL-Ñ?казаÑ?елÑ? в phar_tar_setupmetadata()</p></li>
+<li>CVE-2016-tmp, оÑ?ибка #70979
+   <p>Ð?ваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?и плоÑ?ом SOAP-запÑ?оÑ?е</p></li>
 
 </ul>
 </define-tag>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXDp6BAAoJEF7nbuICFtKlGp0QAJzvkAjmPliPm13kD5sjAsvL
0RC8KvGLtfzwVm488ieJCAF7uvdj+KSjilBqGPRZVWnYuvgCr8E7OUrE3zdsm6to
ImazpqmbB0MXARr0C7jxN8q8ofijFpk9GvDKnHaxMtwuKqrB4pN0HBcSr+/PHlsD
jQ6waAfALDIaLk0b2blN5cfv5c/NC+FrDzYp4IDYE+WmQr+KDb7iz950UhqPqTfO
xUkyqL9tYf4N5gTtZ5YpaDD/RwDSvOmZTOEzCaTJ0znT4MgujoWxApefDGZJ2BMf
krquqQGZ3nxYRzaQIBbrfYyWavn/Sns5Fw4PMNta9Ax2ZHlEb+V785fnmixz1d5v
U87gnpRTfpIDQHHnXFckh6OCZhNJPjlgtL6+ADSgKXNRrBv+qqF5ekmXT0vBUzLt
Hye4xlGx2B3bQCkn6a4h2wYJgSTTc8+wvW20/YP1rPmVmbNlTirhWC9TM+KYqh2b
nFr9rO2tx2D7QRfSUe4ySKG+udW/0EtHXvUJ9c7MmzMzXQRd4vsqa5AcYYVZ1KwY
2fOHFDbBqj7b3wKhpb5E3HHP347Jt3kEMHmOSGXAcgLO6g/9lXN4DM6C6OMIlVHa
5Tw/58bvTwWXPqq360jIPSfpRXSxbnJcE8+oOQK/hqa3c/BJEPhwJmV16DydzEh2
hw05FY8D3UDy2dcl8F+p
=pTXq
-----END PGP SIGNATURE-----
Reply to: