[DONE] wml://security/2015/dla-{160,233}.wml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2015/dla-160.wml 2016-04-07 03:10:33.000000000 +0500
+++ russian/security/2015/dla-160.wml 2016-05-04 14:03:48.151467870 +0500
@@ -1,38 +1,40 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>This update fixes the CVEs described below.</p>
+<p>Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? опиÑ?аннÑ?е ниже CVE.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0106">CVE-2014-0106</a>
- - <p>Todd C. Miller reported that if the env_reset option is disabled
- - in the sudoers file, the env_delete option is not correctly
- - applied to environment variables specified on the command line. A
- - malicious user with sudo permissions may be able to run arbitrary
- - commands with elevated privileges by manipulating the environment
- - of a command the user is legitimately allowed to run.</p></li>
+ <p>Тодд Ð?иллеÑ? Ñ?ообÑ?ил, Ñ?Ñ?о еÑ?ли опÑ?иÑ? env_reset оÑ?клÑ?Ñ?ена в
+ Ñ?айле sudoers, Ñ?о опÑ?иÑ? env_delete непÑ?авилÑ?но пÑ?именÑ?еÑ?Ñ?Ñ?
+ к пеÑ?еменнÑ?м окÑ?Ñ?жениÑ?, Ñ?казаннÑ?м в командной Ñ?Ñ?Ñ?оке. Ð?лоÑ?мÑ?Ñ?ленник
+ Ñ? пÑ?авами на иÑ?полÑ?зование sudo можеÑ? запÑ?Ñ?Ñ?иÑ?Ñ? пÑ?оизволÑ?нÑ?е
+ командÑ? Ñ? повÑ?Ñ?еннÑ?ми пÑ?авами доÑ?Ñ?Ñ?па пÑ?Ñ?Ñ?м изменениÑ? окÑ?Ñ?жениÑ?
+ командÑ?, коÑ?оÑ?Ñ?Ñ? Ñ?Ñ?омÑ? полÑ?зоваÑ?елÑ? Ñ?азÑ?еÑ?ено запÑ?Ñ?каÑ?Ñ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-9680">CVE-2014-9680</a>
- - <p>Jakub Wilk reported that sudo preserves the TZ variable from a
- - user's environment without any sanitization. A user with sudo
- - access may take advantage of this to exploit bugs in the C library
- - functions which parse the TZ environment variable or to open files
- - that the user would not otherwise be able to open. The latter
- - could potentially cause changes in system behavior when reading
- - certain device special files or cause the program run via sudo to
- - block.</p></li>
+ <p>ЯкÑ?б Ð?илк Ñ?ообÑ?ил, Ñ?Ñ?о sudo Ñ?оÑ?Ñ?анÑ?еÑ? пеÑ?еменнÑ?Ñ? TZ из полÑ?зоваÑ?елÑ?Ñ?кого
+ окÑ?Ñ?жениÑ? без какой-либо еÑ? оÑ?иÑ?Ñ?ки. Ð?олÑ?зоваÑ?елÑ? Ñ? доÑ?Ñ?Ñ?пом к sudo
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?о длÑ? Ñ?ого, Ñ?Ñ?обÑ? иÑ?полÑ?зоваÑ?Ñ? оÑ?ибки в Ñ?Ñ?нкÑ?иÑ?Ñ? библиоÑ?еки
+ C, коÑ?оÑ?Ñ?е вÑ?полнÑ?Ñ?Ñ? гÑ?аммаÑ?иÑ?еÑ?кий Ñ?азбоÑ? пеÑ?еменной окÑ?Ñ?жениÑ? TZ, или длÑ? оÑ?кÑ?Ñ?Ñ?иÑ?
+ Ñ?айлов, коÑ?оÑ?Ñ?е в пÑ?оÑ?ивном Ñ?лÑ?Ñ?ае Ñ?Ñ?омÑ? полÑ?зоваÑ?елÑ? оÑ?кÑ?Ñ?ваÑ?Ñ?
+ нелÑ?зÑ?. Ð?оÑ?леднее можеÑ? поÑ?енÑ?иалÑ?но вÑ?зваÑ?Ñ? изменениÑ?
+ в поведении Ñ?иÑ?Ñ?емÑ? пÑ?и Ñ?Ñ?ении опÑ?еделÑ?ннÑ?Ñ?
+ Ñ?пеÑ?иалÑ?нÑ?Ñ? Ñ?айлов Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в или вÑ?зваÑ?Ñ? блокиÑ?овкÑ? запÑ?Ñ?ка пÑ?огÑ?аммÑ?
+ Ñ?еÑ?ез sudo.</p></li>
</ul>
- -<p>For the oldstable distribution (squeeze), these problems have been fixed
- -in version 1.7.4p4-2.squeeze.5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 1.7.4p4-2.squeeze.5.</p>
- -<p>For the stable distribution (wheezy), they have been fixed in version
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (wheezy) они бÑ?ли иÑ?пÑ?авленÑ? в веÑ?Ñ?ии
1.8.5p2-1+nmu2.</p>
- -<p>We recommend that you upgrade your sudo packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? sudo.</p>
</define-tag>
# do not modify the following line
- --- english/security/2015/dla-233.wml 2016-04-07 03:10:34.000000000 +0500
+++ russian/security/2015/dla-233.wml 2016-05-04 14:08:11.917514741 +0500
@@ -1,20 +1,21 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
- -<p>Upstream published version 0.98.7. This update updates sqeeze-lts to the
- -latest upstream release in line with the approach used for other Debian
- -releases.</p>
+<p>Ð?вÑ?оÑ?Ñ? оÑ?новной веÑ?ки Ñ?азÑ?абоÑ?ки опÑ?бликовали веÑ?Ñ?иÑ? 0.98.7. Ð?анное обновление обновлÑ?еÑ? sqeeze-lts до
+поÑ?леднего вÑ?пÑ?Ñ?ка оÑ?новной веÑ?ки Ñ?азÑ?абоÑ?ки, Ñ?Ñ?о Ñ?ооÑ?веÑ?Ñ?Ñ?вÑ?еÑ? подÑ?одÑ?, иÑ?полÑ?зÑ?емомÑ? в дÑ?Ñ?гиÑ?
+вÑ?пÑ?Ñ?каÑ? Debian.</p>
- -<p>The changes are not strictly required for operation, but users of the previous
- -version in Squeeze may not be able to make use of all current virus signatures
- -and might get warnings.</p>
+<p>ÐÑ?и изменениÑ? не Ñ?Ñ?ебÑ?Ñ?Ñ?Ñ?Ñ? длÑ? Ñ?абоÑ?Ñ?, но полÑ?зоваÑ?ели пÑ?едÑ?дÑ?Ñ?ей
+веÑ?Ñ?ии в Squeeze могÑ?Ñ? оказаÑ?Ñ? неÑ?поÑ?обнÑ? иÑ?полÑ?зоваÑ?Ñ? вÑ?е Ñ?екÑ?Ñ?ие Ñ?игнаÑ?Ñ?Ñ?Ñ? виÑ?Ñ?Ñ?ов
+и могÑ?Ñ? полÑ?Ñ?иÑ?Ñ? пÑ?едÑ?пÑ?еждениÑ? об Ñ?Ñ?ом.</p>
- -<p>The bug fixes that are part of this release include security fixes related
- -to packed or crypted files (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9328">CVE-2014-9328</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1461">CVE-2015-1461</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1462">CVE-2015-1462</a>,
- -<a href="https://security-tracker.debian.org/tracker/CVE-2015-1463">CVE-2015-1463</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2170">CVE-2015-2170</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2221">CVE-2015-2221</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2222">CVE-2015-2222</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2015-2668">CVE-2015-2668</a>)
- -and several fixes to the embedded libmspack library, including a potential
- -infinite loop in the Quantum decoder (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9556">CVE-2014-9556</a>).</p>
+<p>ЧаÑ?Ñ?Ñ?Ñ? Ñ?Ñ?ого вÑ?пÑ?Ñ?ка Ñ?влÑ?Ñ?Ñ?Ñ?Ñ? и иÑ?пÑ?авлениÑ? оÑ?ибок, вклÑ?Ñ?аÑ? иÑ?пÑ?авлениÑ? безопаÑ?ноÑ?Ñ?и, Ñ?вÑ?заннÑ?е
+Ñ? запакованнÑ?ми или заÑ?иÑ?Ñ?ованнÑ?ми Ñ?айлами (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9328">CVE-2014-9328</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1461">CVE-2015-1461</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-1462">CVE-2015-1462</a>,
+<a href="https://security-tracker.debian.org/tracker/CVE-2015-1463">CVE-2015-1463</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2170">CVE-2015-2170</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2221">CVE-2015-2221</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2015-2222">CVE-2015-2222</a> и <a href="https://security-tracker.debian.org/tracker/CVE-2015-2668">CVE-2015-2668</a>),
+а Ñ?акже неÑ?колÑ?ко иÑ?пÑ?авлениÑ? вÑ?Ñ?Ñ?оенной библиоÑ?еки libmspack, вклÑ?Ñ?аÑ? поÑ?енÑ?иалÑ?нÑ?й
+беÑ?конеÑ?нÑ?й Ñ?икл в декодеÑ?е Quantum (<a href="https://security-tracker.debian.org/tracker/CVE-2014-9556">CVE-2014-9556</a>).</p>
- -<p>If you use clamav, we strongly recommend that you upgrade to this version.</p>
+<p>Ð?Ñ?ли вÑ? иÑ?полÑ?зÑ?еÑ?е clamav, Ñ?о вам наÑ?Ñ?оÑ?Ñ?елÑ?но Ñ?екомендÑ?еÑ?Ñ?Ñ? вÑ?полниÑ?Ñ? обновление до Ñ?Ñ?ой веÑ?Ñ?ии.</p>
</define-tag>
# do not modify the following line
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXKbv+AAoJEF7nbuICFtKlJlwQAKL2DD1eTV2z/n5FEzeWXvYA
1JCAmiP6TTrTX5z+pzKm1t3Ol5WtPPCZa48TPqaTnqPGVjolgJkxt/mFTEYlaRW7
t6sUd3m8c/QIjfCtnb3InXo3p7K2BXqlE1krvbvOqd4UeeRUH+SLDRPxpamCpA2s
FL/VBUXoX+bOXE0k3CTlN+GeKD0T+59OdJgrDHf6dtQYV37Wu8OHtA1f1gnWy5KT
nqOlKuTXxZZFxJV6v1LUd7Q+rFa22vbq941FWVyFQPGp2cmxnJHChlbWZ5uxzYAN
Qqtn0LcOmg6VvmYXnAHcx6UvbVsb0TJxMD+dqBBWBHXfVrqrdqZAJwCmTLbEJe7M
hUbtccwHI3QvFUqFo/ZmUQuaZOPn7jtxjOJ4RQWZnkrjNphyJo66qRjxqlaptkrY
0K7pEvwxx6YwiyoDViHOX3IPNH3jAIvFnIDuHyN1Rad3Yl3U8Z6GLpSiRR9Nlibx
ytdcGADlgiH+Cb1yDuvkMqT3dfZtnhWGmHPo4Dr7Z/25HtTY03jsBzvAgtArpBPU
OcrWnvGAgHjK4Y8rQrzIjbUyT8Q6P4Mm88lLg6sppe7Xhk0/jP7FKENrJDwLR35/
znu+QOjs0fxd9pROuqZgmmbw8I8Hix7+5lPAQVKuW+i2iBWBIF/bqWsVnBZF9vIG
whA38cl4BDlIALRo1PM+
=d23n
-----END PGP SIGNATURE-----
Reply to: