[DONE] wml://{security/2016/dla-410.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dla-410.wml 2016-04-08 01:54:44.000000000 +0500
+++ russian/security/2016/dla-410.wml 2016-04-18 12:49:51.443626212 +0500
@@ -1,84 +1,85 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in OpenJDK, an
- -implementation of the Oracle Java platform, resulting in breakouts of
- -the Java sandbox, information disclosure, denial of service and insecure
- -cryptography.</p>
+<p>Ð? OpenJDK, Ñ?еализаÑ?ии плаÑ?Ñ?оÑ?мÑ? Oracle Java, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е пÑ?иводÑ?Ñ? к вÑ?Ñ?одÑ? за пÑ?еделÑ?
+пеÑ?оÑ?ниÑ?Ñ? Java, Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? инÑ?оÑ?маÑ?ии, оÑ?казам в обÑ?лÑ?живании и небезопаÑ?номÑ?
+Ñ?иÑ?Ñ?ованиÑ?.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7575">CVE-2015-7575</a>
- - <p>A flaw was found in the way TLS 1.2 could use the MD5 hash
- - function for signing ServerKeyExchange and Client
- - Authentication packets during a TLS handshake.</p></li>
+ <p>Ð?Ñ?ла обнаÑ?Ñ?жена Ñ?Ñ?звимоÑ?Ñ?Ñ? в Ñ?поÑ?обе иÑ?полÑ?зованиÑ? TLS 1.2 Ñ?еÑ?-Ñ?Ñ?нкÑ?ии MD5
+ длÑ? подпиÑ?Ñ?ваниÑ? пакеÑ?ов ServerKeyExchange и Client
+ Authentication во вÑ?емÑ? Ñ?Ñ?копожаÑ?иÑ? TLS.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8126">CVE-2015-8126</a>
- - <p>Multiple buffer overflows in the (1) png_set_PLTE and (2)
- - png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x
- - before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before
- - 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause
- - a denial of service (application crash) or possibly have
- - unspecified other impact via a small bit-depth value in an IHDR
- - (aka image header) chunk in a PNG image.</p></li>
+ <p>Ð?ногоÑ?иÑ?леннÑ?е пеÑ?еполнениÑ? бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?иÑ?Ñ? (1) png_set_PLTE и (2)
+ png_get_PLTE в libpng до веÑ?Ñ?ии 1.0.64, 1.1.x до веÑ?Ñ?ии 1.2.x
+ до веÑ?Ñ?ии 1.2.54, 1.3.x и 1.4.x до веÑ?Ñ?ии 1.4.17, 1.5.x до веÑ?Ñ?ии
+ 1.5.24 и 1.6.x до веÑ?Ñ?ии 1.6.19 позволÑ?Ñ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?), либо могÑ?Ñ? как-Ñ?о по-дÑ?Ñ?гомÑ?
+ влиÑ?Ñ?Ñ? на безопаÑ?ноÑ?Ñ?Ñ?. Ð?еÑ?еполнениÑ? бÑ?Ñ?еÑ?а вÑ?зÑ?ваÑ?Ñ?Ñ?Ñ? пÑ?и помоÑ?и неболÑ?Ñ?ого знаÑ?ениÑ? глÑ?бинÑ? Ñ?веÑ?а в Ñ?аÑ?Ñ?и IHDR
+ (извеÑ?Ñ?ной как заголовок изобÑ?ажениÑ?) в изобÑ?ажении PNG.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-8472">CVE-2015-8472</a>
- - <p>Buffer overflow in the png_set_PLTE function in libpng before
- - 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before
- - 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows
- - remote attackers to cause a denial of service (application
- - crash) or possibly have unspecified other impact via a small
- - bit-depth value in an IHDR (aka image header) chunk in a PNG
- - image. NOTE: this vulnerability exists because of an incomplete
- - fix for <a href="https://security-tracker.debian.org/tracker/CVE-2015-8126">CVE-2015-8126</a>.</p></li>
+ <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?ии png_set_PLTE в libpng до веÑ?Ñ?ии
+ 1.0.65, 1.1.x и 1.2.x до веÑ?Ñ?ии 1.2.55, 1.3.x, 1.4.x до веÑ?Ñ?ии
+ 1.4.18, 1.5.x до веÑ?Ñ?ии 1.5.25 и 1.6.x до веÑ?Ñ?ии 1.6.20 позволÑ?еÑ?
+ Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка
+ пÑ?иложениÑ?), либо могÑ?Ñ? как-Ñ?о по-дÑ?Ñ?гомÑ? влиÑ?Ñ?Ñ? на безопаÑ?ноÑ?Ñ?Ñ?. Ð?еÑ?еполнение бÑ?Ñ?еÑ?а вÑ?зÑ?ваеÑ?Ñ?Ñ? пÑ?и помоÑ?и
+ неболÑ?Ñ?ого знаÑ?ениÑ? глÑ?бинÑ? Ñ?веÑ?а в Ñ?аÑ?Ñ?и IHDR (извеÑ?Ñ?ной как заголовок изобÑ?ажениÑ?) в изобÑ?ажении
+ PNG. Ð?Ð?Ð?Ð?Ð?Ð?Ð?Ð?: Ñ?Ñ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? имееÑ? меÑ?Ñ?о из-за неполного
+ иÑ?пÑ?авлениÑ? <a href="https://security-tracker.debian.org/tracker/CVE-2015-8126">CVE-2015-8126</a>.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0402">CVE-2016-0402</a>
- - <p>Unspecified vulnerability in the Java SE and Java SE Embedded
- - components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
- - Embedded 8u65 allows remote attackers to affect integrity via
- - unknown vectors related to Networking.</p></li>
+ <p>Ð?еÑ?казаннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? в компоненÑ?аÑ? Java SE и Java SE Embedded
+ в Oracle Java SE 6u105, 7u91 и 8u66, а Ñ?акже в Java SE
+ Embedded 8u65 позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам влиÑ?Ñ?Ñ? на Ñ?елоÑ?Ñ?ноÑ?Ñ?Ñ? даннÑ?Ñ? пÑ?и помоÑ?и
+ неизвеÑ?Ñ?нÑ?Ñ? векÑ?оÑ?ов, Ñ?вÑ?заннÑ?Ñ? Ñ? поддеÑ?жкой Ñ?абоÑ?Ñ? Ñ?еÑ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0448">CVE-2016-0448</a>
- - <p>Unspecified vulnerability in the Java SE and Java SE Embedded
- - components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE
- - Embedded 8u65 allows remote authenticated users to affect
- - confidentiality via vectors related to JMX.</p></li>
+ <p>Ð?еÑ?казаннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? в компоненÑ?аÑ? Java SE и Java SE Embedded
+ в Oracle Java SE 6u105, 7u91 и 8u66, а Ñ?акже в Java SE
+ Embedded 8u65 позволÑ?еÑ? Ñ?далÑ?ннÑ?м аÑ?Ñ?енÑ?иÑ?иÑ?иÑ?ованнÑ?м полÑ?зоваÑ?елÑ?м влиÑ?Ñ?Ñ? на
+ конÑ?иденÑ?иалÑ?ноÑ?Ñ?Ñ? пÑ?и помоÑ?и векÑ?оÑ?ов, Ñ?вÑ?заннÑ?Ñ? Ñ? JMX.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0466">CVE-2016-0466</a>
- - <p>It was discovered that the JAXP component in OpenJDK did not
- - properly enforce the totalEntitySizeLimit limit. An attacker
- - able to make a Java application process a specially crafted XML
- - file could use this flaw to make the application consume an
- - excessive amount of memory.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о компоненÑ? JAXP в OpenJDK непÑ?авилÑ?но
+ Ñ?ледиÑ? за Ñ?облÑ?дением огÑ?аниÑ?ениÑ? totalEntitySizeLimit. Ð?лоÑ?мÑ?Ñ?ленник,
+ Ñ?поÑ?обнÑ?й заÑ?Ñ?авиÑ?Ñ? Java-пÑ?иложение обÑ?абаÑ?Ñ?ваÑ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й Ñ?айл
+ XML, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? Ñ?ого, Ñ?Ñ?обÑ? Ñ?Ñ?о пÑ?иложение
+ иÑ?полÑ?зовало Ñ?Ñ?езмеÑ?нÑ?й обÑ?Ñ?м памÑ?Ñ?и.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0483">CVE-2016-0483</a>
- - <p>Unspecified vulnerability in the Java SE, Java SE Embedded, and
- - JRockit components in Oracle Java SE 6u105, 7u91, and 8u66;
- - Java SE Embedded 8u65; and JRockit R28.3.8 allows remote
- - attackers to affect confidentiality, integrity, and
- - availability via vectors related to AWT.</p></li>
+ <p>Ð?еÑ?казаннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? в компоненÑ?аÑ? Java SE, Java SE Embedded и
+ JRockit в Oracle Java SE 6u105, 7u91 и 8u66, а Ñ?акже
+ Java SE Embedded 8u65 и JRockit R28.3.8 позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+ злоÑ?мÑ?Ñ?ленникам влиÑ?Ñ?Ñ? на конÑ?иденÑ?иалÑ?ноÑ?Ñ?Ñ?, Ñ?елоÑ?Ñ?ноÑ?Ñ?Ñ? даннÑ?Ñ? и
+ доÑ?Ñ?Ñ?пноÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ? векÑ?оÑ?ов, Ñ?вÑ?заннÑ?Ñ? Ñ? AWT.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0494">CVE-2016-0494</a>
- - <p>Unspecified vulnerability in the Java SE and Java SE Embedded
- - components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
- - Embedded 8u65 allows remote attackers to affect
- - confidentiality, integrity, and availability via
- - unknown vectors related to 2D.</p></li>
+ <p>Ð?еÑ?казаннаÑ? Ñ?Ñ?звимоÑ?Ñ?Ñ? в компоненÑ?аÑ? Java SE и Java SE Embedded
+ в Oracle Java SE 6u105, 7u91 и 8u66, а Ñ?акже Java SE
+ Embedded 8u65 позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам влиÑ?Ñ?Ñ?
+ на конÑ?иденÑ?иалÑ?ноÑ?Ñ?Ñ?, Ñ?елоÑ?Ñ?ноÑ?Ñ?Ñ? даннÑ?Ñ? и доÑ?Ñ?Ñ?пноÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ?
+ неизвеÑ?Ñ?нÑ?Ñ? векÑ?оÑ?ов, Ñ?вÑ?заннÑ?Ñ? Ñ? 2D.</p></li>
</ul>
- -<p>For Debian 6 <q>Squeeze</q>, these problems have been fixed in version
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии
6b38-1.13.10-1~deb6u1.</p>
- -<p>We recommend that you upgrade your openjdk-6 packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? openjdk-6.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXFJGiAAoJEF7nbuICFtKlxOwP/2gmZ1OkGWtF+00YnBkyCret
/ZnWKpjsxeptWv3JmxcIhGEvQIXG1YVC3jbo0q0+S908611HOc12p2Rhx6+sQkEO
khJ/ylTqo88ON3PAG56GDyMwfIqKURjtUkFUWJuNXGJiDpRQYLjc1XfhYAWMZpM0
FC5z+8w9Df7d9K/+BBAgE+hfnTHyVx/gL/U5aSYVpCStIhuVSJ6zTUZyB7YjzEm1
6TT6jPz4Vqzh96lk1zfOy+1Q4v9H2JRX57hkTFSZ5jhnJ+Evz0z871bOSC1iTket
TZxFW5s+ptcxvzpEniPWkE3lz6b65I0CqSfJVmYhioZ+Fp80H4r0bm98okTQVJ0F
Iz0D9HZFKuaDe/WutYludzuXxetYauyEUpXwU4zMbXDcMsr528i8E4yr3TjSPR2R
pcLksaXS4bo2pDUBPu5y2P7GB0pV5Mf6JJegP3oPqdgHa1DgJqEov58Vz5pR2Izv
DrmcgLnD3KCQ0XTpRLqxBcxd7v17YkfaxebWC8l9grNH+84Z/KuXOstHqUHzrXGl
/wHl2XTrPp0ahQwnqCmeyD1jHlyRvy6/bPv46IqVLttgigd+9lrkiNdAi9pouFhZ
ZjttM1Ni8yZat9MHCrYAQbxsUj3dShwIFKB4kb060E2jwBP4fTsraQ0bGmxydWxX
UX7TNiJaRa+2uQSaxetg
=zWds
-----END PGP SIGNATURE-----
Reply to: