[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2016/dla-400.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dla-400.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-400.wml	2016-04-18 12:19:50.182760075 +0500
@@ -1,53 +1,54 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>This update fixes certain known vulnerabilities in pound in squeeze-lts by
- -backporting the version in wheezy.</p>
+<p>Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? некоÑ?оÑ?Ñ?е извеÑ?Ñ?нÑ?е Ñ?Ñ?звимоÑ?Ñ?и в pound в вÑ?пÑ?Ñ?ке squeeze-lts
+пÑ?Ñ?Ñ?м обÑ?аÑ?ного пеÑ?еноÑ?а веÑ?Ñ?ии из вÑ?пÑ?Ñ?ка wheezy.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2009-3555";>CVE-2009-3555</a>
 
- -    <p>The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
- -    used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
- -    in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
- -    GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
- -    3.12.4 and earlier, multiple Cisco products, and other products,
- -    does not properly associate renegotiation handshakes with an
- -    existing connection, which allows man-in-the-middle attackers to
- -    insert data into HTTPS sessions, and possibly other types of
- -    sessions protected by TLS or SSL, by sending an unauthenticated
- -    request that is processed retroactively by a server in a
- -    post-renegotiation context, related to a <q>plaintext injection</q>
- -    attack, aka the <q>Project Mogul</q> issue.</p></li>
+    <p>Ð?Ñ?оÑ?окол TLS, пÑ?оÑ?окол SSL 3.0 и возможно более Ñ?анниÑ? веÑ?Ñ?ий, иÑ?полÑ?зÑ?емÑ?е
+    в Microsoft Internet Information Services (IIS) 7.0, mod_ssl
+    в HTTP-Ñ?еÑ?веÑ?е Apache 2.2.14 и более Ñ?анниÑ? веÑ?Ñ?иÑ?Ñ?, OpenSSL до веÑ?Ñ?ии 0.9.8l,
+    GnuTLS 2.8.5 и более Ñ?анниÑ? веÑ?Ñ?иÑ?Ñ?, Mozilla Network Security Services (NSS)
+    3.12.4 и более Ñ?анниÑ? веÑ?Ñ?иÑ?Ñ?, многоÑ?иÑ?леннÑ?Ñ? пÑ?одÑ?кÑ?аÑ? Cisco, а Ñ?акже дÑ?Ñ?гиÑ? пÑ?одÑ?кÑ?аÑ?,
+    непÑ?авилÑ?но аÑ?Ñ?оÑ?ииÑ?Ñ?Ñ?Ñ? Ñ?Ñ?копожаÑ?иÑ? повÑ?оÑ?нÑ?Ñ? Ñ?оглаÑ?ований длÑ?
+    Ñ?Ñ?Ñ?еÑ?Ñ?вÑ?Ñ?Ñ?иÑ? Ñ?оединений, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам, вÑ?полнÑ?Ñ?Ñ?им аÑ?аки по пÑ?инÑ?ипÑ?
+    Ñ?еловек-в-Ñ?еÑ?едине, вÑ?Ñ?авлÑ?Ñ?Ñ? даннÑ?е в Ñ?еÑ?Ñ?ии HTTPS, а, веÑ?оÑ?Ñ?но, и в дÑ?Ñ?гие
+    видÑ? Ñ?еÑ?Ñ?ий, заÑ?иÑ?Ñ?ннÑ?Ñ? Ñ? помоÑ?Ñ?Ñ? TLS или SSL, пÑ?Ñ?Ñ?м оÑ?пÑ?авки неаÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованного
+    запÑ?оÑ?а, коÑ?оÑ?Ñ?й обÑ?абаÑ?Ñ?ваеÑ?Ñ?Ñ? Ñ?еÑ?веÑ?ом задним Ñ?иÑ?лом в
+    конÑ?екÑ?Ñ?е, Ñ?озданном поÑ?ле повÑ?оÑ?ного Ñ?оглаÑ?ованиÑ?, Ñ?Ñ?о Ñ?вÑ?зано Ñ? аÑ?акой <q>инÑ?екÑ?иÑ?
+    оÑ?кÑ?Ñ?Ñ?ого Ñ?екÑ?Ñ?а</q>, извеÑ?Ñ?ной Ñ?акже как пÑ?облема <q>Project Mogul</q>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2011-3389";>CVE-2011-3389</a>
 
- -    <p>The SSL protocol, as used in certain configurations in Microsoft
- -    Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
- -    Chrome, Opera, and other products, encrypts data by using CBC mode
- -    with chained initialization vectors, which allows man-in-the-middle
- -    attackers to obtain plaintext HTTP headers via a blockwise
- -    chosen-boundary attack (BCBA) on an HTTPS session, in conjunction
- -    with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the
- -    Java URLConnection API, or (3) the Silverlight WebClient API, aka a
- -    <q>BEAST</q> attack.</p></li>
+    <p>Ð?Ñ?оÑ?окол SSL, иÑ?полÑ?зÑ?емÑ?й пÑ?и некоÑ?оÑ?Ñ?Ñ? наÑ?Ñ?Ñ?ойкаÑ? в Microsoft
+    Windows и Microsoft Internet Explorer, Mozilla Firefox, Google
+    Chrome, Opera и дÑ?Ñ?гиÑ? пÑ?одÑ?кÑ?аÑ?, Ñ?иÑ?Ñ?Ñ?еÑ? даннÑ?е, иÑ?полÑ?зÑ?Ñ? Ñ?ежим CBC
+    Ñ? Ñ?Ñ?епленнÑ?ми векÑ?оÑ?ами иниÑ?иализаÑ?ии, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам, вÑ?полнÑ?Ñ?Ñ?им аÑ?аки
+    по пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине, полÑ?Ñ?аÑ?Ñ? заголовки HTTP в виде оÑ?кÑ?Ñ?Ñ?ого Ñ?екÑ?Ñ?а Ñ? помоÑ?Ñ?Ñ? аÑ?аки
+    по блокам (BCBA) на Ñ?еÑ?Ñ?иÑ? HTTPS вмеÑ?Ñ?е Ñ?
+    кодом на JavaScript, иÑ?полÑ?зÑ?Ñ?Ñ?им (1) HTML5 WebSocket API, (2) Java
+    URLConnection API или (3) Silverlight WebClient API, Ñ?Ñ?о извеÑ?Ñ?но как
+    аÑ?ака <q>BEAST</q>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-4929";>CVE-2012-4929</a>
 
- -    <p>The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google
- -    Chrome, Qt, and other products, can encrypt compressed data without
- -    properly obfuscating the length of the unencrypted data, which
- -    allows man-in-the-middle attackers to obtain plaintext HTTP headers
- -    by observing length differences during a series of guesses in which
- -    a string in an HTTP request potentially matches an unknown string in
- -    an HTTP header, aka a <q>CRIME</q> attack.</p></li>
+    <p>Ð?Ñ?оÑ?окол TLS 1.2 или более Ñ?анниÑ? веÑ?Ñ?ий, иÑ?полÑ?зÑ?емÑ?й в Mozilla Firefox, Google
+    Chrome, Qt и дÑ?Ñ?гиÑ? пÑ?одÑ?кÑ?аÑ?, можеÑ? заÑ?иÑ?Ñ?овÑ?ваÑ?Ñ? Ñ?жаÑ?Ñ?е даннÑ?е без
+    пÑ?едваÑ?иÑ?елÑ?ного изменениÑ? длинÑ? незаÑ?иÑ?Ñ?ованнÑ?Ñ? даннÑ?Ñ?, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам,
+    вÑ?полнÑ?Ñ?Ñ?им аÑ?аки по пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине, полÑ?Ñ?аÑ?Ñ? заголовки HTTP в виде оÑ?кÑ?Ñ?Ñ?ого
+    Ñ?екÑ?Ñ?а пÑ?Ñ?Ñ?м Ñ?Ñ?авнениÑ? длин даннÑ?Ñ? в Ñ?оде пÑ?овеÑ?ки Ñ?еÑ?ии пÑ?едположений, в коÑ?оÑ?Ñ?Ñ?
+    Ñ?Ñ?Ñ?ока в запÑ?оÑ?е HTTP поÑ?енÑ?иалÑ?но Ñ?овпадаеÑ? Ñ? неизвеÑ?Ñ?ной Ñ?Ñ?Ñ?окой в
+    заголовке HTTP, Ñ?Ñ?о Ñ?акже извеÑ?Ñ?но как аÑ?ака <q>CRIME</q>.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3566";>CVE-2014-3566</a>
 
- -    <p>The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
- -    products, uses nondeterministic CBC padding, which makes it easier
- -    for man-in-the-middle attackers to obtain cleartext data via a
- -    padding-oracle attack, aka the <q>POODLE</q> issue.</p></li>
+    <p>Ð?Ñ?оÑ?окол SSL 3.0, иÑ?полÑ?зÑ?емÑ?й в OpenSSL в 1.0.1i и дÑ?Ñ?гиÑ?
+    пÑ?одÑ?кÑ?аÑ?, иÑ?полÑ?зÑ?еÑ? недеÑ?еÑ?миниÑ?ованное добавление биÑ?ов заполниÑ?елÑ?, Ñ?Ñ?о Ñ?пÑ?оÑ?аеÑ?
+    злоÑ?мÑ?Ñ?ленника, вÑ?полнÑ?Ñ?Ñ?им аÑ?аки по пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине, полÑ?Ñ?аÑ?Ñ? даннÑ?е в виде оÑ?кÑ?Ñ?Ñ?ого Ñ?екÑ?Ñ?а Ñ? помоÑ?Ñ?Ñ?
+    аÑ?аки на оÑ?акÑ?л заполниÑ?елÑ?, Ñ?Ñ?о Ñ?акже извеÑ?Ñ?но как пÑ?облема <q>POODLE</q>.</p></li>
 
 </ul>
 </define-tag>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXFIqdAAoJEF7nbuICFtKlPJwP/2I3hj/p5AllEM2WdaoEy5Bv
E29k5UMgqSw1i9D1aiHc7M2FoZhWgqqMRQWXjaY1xZBDOV+6A6bgXxjFxGiroENS
LDT8LH2S/agG8gOUKRV/lB4SSJzuKUhTTKgWJ3FFKXT2luv3sRX010//ncwSuCwn
Dq7iqaae2GWCH3blbZyQaRYJr5whv2XZPvDPf46DOA+B0mygqP3h42Rt9Oadjdgj
oXmP7WPC1a3mzPiWqKohVrrRCuebGQCwBiUP3mHlkvcFTtXh6UOsxanejUde/n5p
pR+dBhh7aGa3vP84YwSJaMG+gLETlA9rbt7nfIrsLRelKQ5bJeP1B4NWEUgiZ2dz
mH/ISYg08/uygGr1rwksacZeAsU3640pazHxQR2qK3EFZgQktbttTGF7QzSPvijr
QjGH3gVSLaCOk50ed7vTrQwwoL2wDEEj6q2pdHPlhdh1fplZEYhd5Fvvdh0oXOnl
t5IRbpCND8kB++OZFhvXKdKepWDQZeKY2VinoOglp2i8PD+SDu2rf9Me7QUBqTlH
W2N4DPgi98TjEaIVYihk555mpag4BWCLgb4XfDlQ65ZJGaiyQCGVimYRtiqolXzT
qY/R9R4x/34W6l9SO+8gZsoQHbCxhaKdnnUboSyySSODR6yDMsNOE/BlGi9gNNI1
v0Rfybn9w1y/1X+5sdFf
=LcXX
-----END PGP SIGNATURE-----
Reply to: