
[DONE] wml://security/2016/dla-435.wml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dla-435.wml	2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-435.wml	2016-04-18 12:34:34.198317800 +0500
@@ -1,71 +1,72 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Tomcat 6, an implementation of the Java Servlet and the JavaServer
- -Pages (JSP) specifications and a pure Java web server environment, was
- -affected by multiple security issues prior version 6.0.45.</p>
+<p>Tomcat 6, Ñ?еализаÑ?иÑ? Ñ?пеÑ?иÑ?икаÑ?ий Java Servlet и JavaServer
+Pages (JSP), а Ñ?акже Ñ?иÑ?Ñ?ое Java-окÑ?Ñ?жение длÑ? веб-Ñ?еÑ?веÑ?а,
+Ñ?одеÑ?жиÑ? многоÑ?иÑ?леннÑ?е пÑ?облемÑ? безопаÑ?ноÑ?Ñ?и в веÑ?Ñ?иÑ?Ñ? до веÑ?Ñ?ии 6.0.45.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5174";>CVE-2015-5174</a>
 
- -   <p>Directory traversal vulnerability in RequestUtil.java in Apache
- -   Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27
- -   allows remote authenticated users to bypass intended SecurityManager
- -   restrictions and list a parent directory via a /.. (slash dot dot)
- -   in a pathname used by a web application in a getResource,
- -   getResourceAsStream, or getResourcePaths call, as demonstrated by
- -   the $CATALINA_BASE/webapps directory.</p></li>
+   <p>Ð?бÑ?од каÑ?алога в RequestUtil.java в Apache
+   Tomcat 6.x до веÑ?Ñ?ии 6.0.45, 7.x до веÑ?Ñ?ии 7.0.65 и 8.x до веÑ?Ñ?ии 8.0.27
+   позволÑ?еÑ? Ñ?далÑ?ннÑ?м аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м полÑ?зоваÑ?елÑ?м обÑ?одиÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е огÑ?аниÑ?ениÑ?
+   SecurityManager и Ñ?знаÑ?Ñ? Ñ?одеÑ?жимое Ñ?одиÑ?елÑ?Ñ?кого каÑ?алоге Ñ? помоÑ?Ñ?Ñ? /.. (каÑ?аÑ? Ñ?еÑ?Ñ?а и две Ñ?оÑ?ки)
+   в имени пÑ?Ñ?и, иÑ?полÑ?зÑ?емом веб-пÑ?иложением в вÑ?зоваÑ? getResource,
+   getResourceAsStream или getResourcePaths, Ñ?Ñ?о пÑ?одемонÑ?Ñ?Ñ?иÑ?овано
+   каÑ?алогом $CATALINA_BASE/webapps.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5345";>CVE-2015-5345</a>
 
- -   <p>The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before
- -   7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes
- -   redirects before considering security constraints and Filters, which
- -   allows remote attackers to determine the existence of a directory
- -   via a URL that lacks a trailing / (slash) character.</p></li>
+   <p>Ð?омпоненÑ? Mapper в Apache Tomcat 6.x до веÑ?Ñ?ии 6.0.45, 7.x до веÑ?Ñ?ии
+   7.0.67, 8.x до веÑ?Ñ?ии 8.0.30 и 9.x до веÑ?Ñ?ии 9.0.0.M2 обÑ?абаÑ?Ñ?ваеÑ?
+   пеÑ?енапÑ?авлениÑ? до Ñ?аÑ?Ñ?моÑ?Ñ?ениÑ? к огÑ?аниÑ?ениÑ?м безопаÑ?ноÑ?Ñ?и и Ñ?илÑ?Ñ?Ñ?ам, Ñ?Ñ?о позволÑ?еÑ?
+   Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам опÑ?еделÑ?Ñ?Ñ? Ñ?Ñ?Ñ?еÑ?Ñ?вование каÑ?алога
+   Ñ? помоÑ?Ñ?Ñ? URL, в коÑ?оÑ?ом в конÑ?е оÑ?Ñ?Ñ?Ñ?вÑ?еÑ? Ñ?имвол / (каÑ?аÑ? Ñ?еÑ?Ñ?а).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5351";>CVE-2015-5351</a>
 
- -   <p>The Manager and Host Manager applications in Apache Tomcat
- -   establish sessions and send CSRF tokens for arbitrary new requests,
- -   which allows remote attackers to bypass a CSRF protection mechanism
- -   by using a token.</p></li>
+   <p>Ð?Ñ?иложениÑ? Manager и Host Manager в Apache Tomcat Ñ?Ñ?Ñ?анавливаÑ?Ñ?
+   Ñ?еÑ?Ñ?ии и оÑ?пÑ?авлÑ?Ñ?Ñ? Ñ?окенÑ? CSRF в оÑ?веÑ? на пÑ?оизволÑ?нÑ?е новÑ?е запÑ?оÑ?Ñ?,
+   Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам обÑ?одиÑ?Ñ? меÑ?анизм заÑ?иÑ?Ñ? CSRF,
+   иÑ?полÑ?зÑ?Ñ? Ñ?окенÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0706";>CVE-2016-0706</a>
 
- -   <p>Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before
- -   8.0.31, and 9.x before 9.0.0.M2 does not place
- -   org.apache.catalina.manager.StatusManagerServlet on the org/apache
- -   /catalina/core/RestrictedServlets.properties list, which allows
- -   remote authenticated users to bypass intended SecurityManager
- -   restrictions and read arbitrary HTTP requests, and consequently
- -   discover session ID values, via a crafted web application.</p></li>
+   <p>Apache Tomcat 6.x до веÑ?Ñ?ии 6.0.45, 7.x до веÑ?Ñ?ии 7.0.68, 8.x до веÑ?Ñ?ии
+   8.0.31 и 9.x до веÑ?Ñ?ии 9.0.0.M2 не помеÑ?аеÑ?
+   org.apache.catalina.manager.StatusManagerServlet в Ñ?пиÑ?ок org/apache
+   /catalina/core/RestrictedServlets.properties, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+   аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м полÑ?зоваÑ?елÑ?м обÑ?одиÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е огÑ?аниÑ?ениÑ? SecurityManager
+   и Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ? пÑ?оизволÑ?нÑ?е запÑ?оÑ?Ñ? HTTP, а заÑ?ем и обнаÑ?Ñ?живаÑ?Ñ?
+   знаÑ?ениÑ? иденÑ?иÑ?икаÑ?оÑ?ов Ñ?еÑ?Ñ?ии пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного веб-пÑ?иложениÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0714";>CVE-2016-0714</a>
 
- -   <p>The session-persistence implementation in Apache Tomcat 6.x before
- -   6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before
- -   9.0.0.M2 mishandles session attributes, which allows remote
- -   authenticated users to bypass intended SecurityManager restrictions
- -   and execute arbitrary code in a privileged context via a web
- -   application that places a crafted object in a session.</p></li>
+   <p>РеализаÑ?иÑ? session-persistence в Apache Tomcat 6.x до веÑ?Ñ?ии
+   6.0.45, 7.x до веÑ?Ñ?ии 7.0.68, 8.x до веÑ?Ñ?ии 8.0.31 и 9.x до веÑ?Ñ?ии
+   9.0.0.M2 непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? аÑ?Ñ?ибÑ?Ñ?Ñ? Ñ?еÑ?Ñ?ий, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+   аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м полÑ?зоваÑ?елÑ?м обÑ?одиÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е огÑ?аниÑ?ениÑ? SecurityManager
+   и вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код в пÑ?ивилегиÑ?ованном конÑ?екÑ?Ñ?е Ñ? помоÑ?Ñ?Ñ?
+   веб-пÑ?иложениÑ?, помеÑ?аÑ?Ñ?его в Ñ?еÑ?Ñ?иÑ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й обÑ?екÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0763";>CVE-2016-0763</a>
 
- -   <p>The setGlobalContext method in org/apache/naming/factory
- -   /ResourceLinkFactory.java in Apache Tomcat does not consider whether
- -   ResourceLinkFactory.setGlobalContext callers are authorized, which
- -   allows remote authenticated users to bypass intended SecurityManager
- -   restrictions and read or write to arbitrary application data, or
- -   cause a denial of service (application disruption), via a web
- -   application that sets a crafted global context.</p></li>
+   <p>Ð?еÑ?од setGlobalContext в org/apache/naming/factory
+   /ResourceLinkFactory.java в Apache Tomcat не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? авÑ?оÑ?изаÑ?ии
+   вÑ?зÑ?ваÑ?Ñ?иÑ? Ñ?Ñ?нкÑ?ий ResourceLinkFactory.setGlobalContext, Ñ?Ñ?о позволÑ?еÑ?
+   Ñ?далÑ?ннÑ?м аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м полÑ?зоваÑ?елÑ?м обÑ?одиÑ?Ñ? Ñ?пеÑ?иалÑ?нÑ?е огÑ?аниÑ?ениÑ? SecurityManager
+   и вÑ?полнÑ?Ñ?Ñ? Ñ?Ñ?ение или запиÑ?Ñ? в пÑ?оизволÑ?нÑ?е даннÑ?е пÑ?иложениÑ?, либо
+   вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (Ñ?бой пÑ?иложениÑ?) пÑ?и помоÑ?и веб-пÑ?иложениÑ?,
+   коÑ?оÑ?ое Ñ?оздаÑ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й глобалÑ?нÑ?й конÑ?екÑ?Ñ?.</p></li>
 
 </ul>
 
- -<p>For Debian 6 <q>Squeeze</q>, these problems have been fixed in version
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии
 6.0.45-1~deb6u1.</p>
 
- -<p>We recommend that you upgrade your tomcat6 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? tomcat6.</p>
 </define-tag>
 
 # do not modify the following line
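Review bot: In the CVE-2015-5174 paragraph, the added line that ends with the "/.." parenthetical has a case agreement error: the adjective ends in the genitive "-ого" but the noun after it ends in "-е", so the phrase for "parent directory" reads as "родительского каталоге" and should be "родительского каталога". The Cyrillic in every added line is damaged in this copy of the message, so that reading relies on the surviving word endings, and the remaining paragraphs are better checked against the committed file than against this rendering. The hunk header (71 lines to 72) matches the single extra line, the translation-check header with translation="1.2", so no English paragraph appears to have been dropped.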
-----BEGIN PGP SIGNATURE-----
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=9mMw
-----END PGP SIGNATURE-----

