[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2015/dla-{177,325}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-177.wml	2016-04-09 01:32:24.000000000 +0500
+++ russian/security/2015/dla-177.wml	2016-05-07 22:48:16.845173877 +0500
@@ -1,49 +1,50 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Multiple vulnerabilities have been discovered in OpenSSL, a Secure
- -Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
- -identifies the following issues:</p>
+<p>Ð? OpenSSL, набоÑ?е инÑ?Ñ?Ñ?Ñ?менÑ?ов Secure Sockets Layer, бÑ?ли обнаÑ?Ñ?женÑ?
+многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и. Ð?Ñ?оекÑ? Common Vulnerabilities and Exposures
+опÑ?еделÑ?еÑ? Ñ?ледÑ?Ñ?Ñ?ие пÑ?облемÑ?:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0209";>CVE-2015-0209</a>
 
- -    <p>It was discovered that a malformed EC private key might result in
- -    memory corruption.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о некоÑ?Ñ?екÑ?нÑ?й закÑ?Ñ?Ñ?Ñ?й клÑ?Ñ? EC можеÑ? пÑ?иводиÑ?Ñ? к
+    повÑ?еждениÑ? Ñ?одеÑ?жимого памÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0286";>CVE-2015-0286</a>
 
- -    <p>Stephen Henson discovered that the ASN1_TYPE_cmp() function
- -    can be crashed, resulting in denial of service.</p></li>
+    <p>СÑ?ивен Ð¥Ñ?нÑ?он обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? ASN1_TYPE_cmp() можеÑ?
+    аваÑ?ийно завеÑ?Ñ?иÑ?Ñ? Ñ?воÑ? Ñ?абоÑ?Ñ?, Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0287";>CVE-2015-0287</a>
 
- -    <p>Emilia Kaesper discovered a memory corruption in ASN.1 parsing.</p></li>
+    <p>ЭмилиÑ? Ð?Ñ?Ñ?пеÑ? обнаÑ?Ñ?жила повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и пÑ?и вÑ?полнении гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а ASN.1.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0288";>CVE-2015-0288</a>
 
- -    <p>It was discovered that missing input sanitising in the
- -    X509_to_X509_REQ() function might result in denial of service.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие оÑ?иÑ?Ñ?ки вÑ?однÑ?Ñ? даннÑ?Ñ? в Ñ?Ñ?нкÑ?ии
+    X509_to_X509_REQ() можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0289";>CVE-2015-0289</a>
 
- -    <p>Michal Zalewski discovered a NULL pointer dereference in the
- -    PKCS#7 parsing code, resulting in denial of service.</p></li>
+    <p>Ð?иÑ?ал Ð?алевÑ?ки обнаÑ?Ñ?жил Ñ?азÑ?менование NULL-Ñ?казаÑ?елей в коде длÑ? вÑ?полнениÑ?
+    гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а PKCS#7, коÑ?оÑ?ое пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0292";>CVE-2015-0292</a>
 
- -    <p>It was discovered that missing input sanitising in base64 decoding
- -    might result in memory corruption.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие оÑ?иÑ?Ñ?ки вÑ?однÑ?Ñ? даннÑ?Ñ? в коде длÑ? декодиÑ?ованиÑ? base64
+    можеÑ? пÑ?иводиÑ?Ñ? к повÑ?еждениÑ? Ñ?одеÑ?жимого памÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0293";>CVE-2015-0293</a>
 
- -    <p>A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
- -    servers that both support SSLv2 and enable export cipher suites by sending
- -    a specially crafted SSLv2 CLIENT-MASTER-KEY message.</p></li>
+    <p>Ð?лоÑ?мÑ?Ñ?ленник пÑ?Ñ?Ñ?м оÑ?пÑ?авки Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного SSLv2-Ñ?ообÑ?ениÑ? CLIENT-MASTER-KEY
+    можеÑ? вÑ?зваÑ?Ñ? OPENSSL_assert (Ñ?. е., пÑ?инÑ?диÑ?елÑ?ное пÑ?екÑ?аÑ?ение Ñ?абоÑ?Ñ?) на
+    Ñ?еÑ?веÑ?е, поддеÑ?живаÑ?Ñ?ем SSLv2, и на коÑ?оÑ?ом вклÑ?Ñ?ена возможноÑ?Ñ?Ñ? Ñ?кÑ?поÑ?Ñ?а Ñ?иÑ?Ñ?ов.</p></li>
 
 </ul>
 
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in openssl version 0.9.8o-4squeeze20</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в openssl веÑ?Ñ?ии 0.9.8o-4squeeze20</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2015/dla-325.wml	2016-04-07 03:10:36.000000000 +0500
+++ russian/security/2015/dla-325.wml	2016-05-07 23:12:01.128414056 +0500
@@ -1,49 +1,50 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>This update fixes the CVEs described below.</p>
+<p>Ð?анное обновление иÑ?пÑ?авлÑ?еÑ? опиÑ?аннÑ?е ниже CVE.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-2925";>CVE-2015-2925</a>
 
- -    <p>Jann Horn discovered that when a subdirectory of a filesystem was
- -    bind-mounted into a chroot or mount namespace, a user that should
- -    be confined to that chroot or namespace could access the whole of
- -    that filesystem if they had write permission on an ancestor of
- -    the subdirectory.  This is not a common configuration for this
- -    kernel version.</p></li>
+    <p>Янн ХоÑ?н обнаÑ?Ñ?жил, Ñ?Ñ?о еÑ?ли подкаÑ?алог Ñ?айловой Ñ?иÑ?Ñ?емÑ? Ñ?монÑ?иÑ?ован Ñ? опÑ?ией bind в
+    окÑ?Ñ?жение chroot или пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?во имÑ?н монÑ?иÑ?ованиÑ?, Ñ?о полÑ?зоваÑ?елÑ?, коÑ?оÑ?Ñ?й должен бÑ?Ñ?Ñ?
+    огÑ?аниÑ?ен Ñ?Ñ?им окÑ?Ñ?жением chroot или пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?вом имÑ?н, можеÑ? полÑ?Ñ?иÑ?Ñ? доÑ?Ñ?Ñ?п ко вÑ?ей
+    Ñ?айловой Ñ?иÑ?Ñ?еме в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли он имееÑ? пÑ?ава на запиÑ?Ñ? в Ñ?одиÑ?елÑ?Ñ?кий каÑ?алог
+    Ñ?казанного подкаÑ?алога.  ЭÑ?о не Ñ?влÑ?еÑ?Ñ?Ñ? обÑ?ей наÑ?Ñ?Ñ?ойкой длÑ? данной
+    веÑ?Ñ?ии Ñ?дÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-5257";>CVE-2015-5257</a>
 
- -    <p>Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
- -    device could cause a denial of service (crash) by imitating a
- -    Whiteheat USB serial device but presenting a smaller number of
- -    endpoints.</p></li>
+    <p>Ð?оÑ?ин Ð?аÑ?емзаде из Istuary Innovation Labs Ñ?ообÑ?ил, Ñ?Ñ?о USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?во
+    можеÑ? вÑ?зваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) пÑ?Ñ?Ñ?м имиÑ?аÑ?ии
+    поÑ?ледоваÑ?елÑ?ного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва Whiteheat, но пÑ?едÑ?Ñ?авлÑ?еÑ? менÑ?Ñ?ее Ñ?иÑ?ло
+    конеÑ?нÑ?Ñ? Ñ?оÑ?ек.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7613";>CVE-2015-7613</a>
 
- -    <p>Dmitry Vyukov discovered that System V IPC objects (message queues
- -    and shared memory segments) were made accessible before their
- -    ownership and other attributes were fully initialised.  If a local
- -    user can race against another user or service creating a new IPC
- -    object, this may result in unauthorised information disclosure,
- -    unauthorised information modification, denial of service and/or
- -    privilege escalation.</p>
- -
- -    <p>A similar issue existed with System V semaphore arrays, but was
- -    less severe because they were always cleared before being fully
- -    initialised.</p></li>
+    <p>Ð?миÑ?Ñ?ий Ð?Ñ?Ñ?ков обнаÑ?Ñ?жил, Ñ?Ñ?о IPC-обÑ?екÑ?Ñ? System V (оÑ?еÑ?еди Ñ?ообÑ?ений
+    и Ñ?егменÑ?Ñ? Ñ?азделÑ?емой памÑ?Ñ?и) Ñ?Ñ?ановÑ?Ñ?Ñ?Ñ? доÑ?Ñ?Ñ?пнÑ?ми до полной иниÑ?иализаÑ?ии
+    иÑ? пÑ?инадлежноÑ?Ñ?и и дÑ?Ñ?гиÑ? аÑ?Ñ?ибÑ?Ñ?ов.  Ð?Ñ?ли локалÑ?нÑ?й полÑ?зоваÑ?елÑ?
+    можеÑ? вÑ?Ñ?Ñ?пиÑ?Ñ? в гонкÑ? Ñ? дÑ?Ñ?гим полÑ?зоваÑ?елем или Ñ?лÑ?жбой, Ñ?оздаваÑ? новÑ?й
+    IPC-обÑ?екÑ?, Ñ?о Ñ?Ñ?о можеÑ? пÑ?иводиÑ?Ñ? к неавÑ?оÑ?изованномÑ? Ñ?аÑ?кÑ?Ñ?Ñ?иÑ? инÑ?оÑ?маÑ?ии,
+    неавÑ?оÑ?изованномÑ? изменениÑ? инÑ?оÑ?маÑ?ии, оÑ?казÑ? в обÑ?лÑ?живании и/или
+    повÑ?Ñ?ениÑ? пÑ?ивилегий.</p>
+
+    <p>СÑ?однаÑ? пÑ?облема имееÑ? меÑ?Ñ?о Ñ? маÑ?Ñ?ивами Ñ?емаÑ?оÑ?ов System V, но она
+    менее Ñ?еÑ?Ñ?Ñ?зна, Ñ?ак как Ñ?Ñ?и маÑ?Ñ?ивÑ? вÑ?егда оÑ?иÑ?аÑ?Ñ?Ñ?Ñ? до иÑ? полной
+    иниÑ?иализаÑ?ии.</p></li>
 
 </ul>
 
- -<p>For the oldoldstable distribution (squeeze), these problems have been
- -fixed in version 2.6.32-48squeeze16.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?аÑ?ом Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли
+иÑ?пÑ?авленÑ? в веÑ?Ñ?ии 2.6.32-48squeeze16.</p>
 
- -<p>For the oldstable distribution (wheezy), these problems will be fixed
- -in version 3.2.68-1+deb7u5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (wheezy) Ñ?Ñ?и пÑ?облемÑ? бÑ?дÑ?Ñ? иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.2.68-1+deb7u5.</p>
 
- -<p>For the stable distribution (jessie), these problems will be fixed
- -in version 3.16.7-ckt11-1+deb8u5 or have been fixed earlier.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?дÑ?Ñ? иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 3.16.7-ckt11-1+deb8u5, либо Ñ?же бÑ?ли иÑ?пÑ?авленÑ? Ñ?анее.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXLi/0AAoJEF7nbuICFtKlTAEP/jkOZEKD1x2sSYKpGI63qwgQ
N4GbjsEqh/LF9wUqsLS5NjOfI7jn+gU6v7WN1cvplkB/ZDzExTC1lvRHXi4/ZcSJ
ffvMO1AerlPZ1y2OIQLljlLIuhUoDrvsdCWWI/yMMaFKPkFfW3TX2rQjJGudE64X
hvAhPKaE2col+pKObhy5yf4AomdRvRRp9NCVXy9+OJR1hotGWBF60k32yA8flvg4
g7NeYwSJ/qCsUyMPN3KySw4zqEMLWtQ+WvScrBhHRTU1Mb8P4xUWjMnApE0YKCvd
EJa8Zo2Z2n4/naP0r6greGFaP/sZFJXXk9/8H2hzx89FVY7LivuVgIiShD4blGEH
9D1P0Y22ELmiSQnET+t1+bF3P5jXPIbs0gMhbIkzCA2rnCozNWVZ3Ir43Nkcr9S/
As1iKD89xSQRXrJ3jWsE9AzCQMdsS9Dgafg2z23rntU2j77WQExOoSz6Jeotn9JX
ocJbrt3G9OBqo8tQ7dR5Y7tb2xjd4T5L88EeyjBKqAiQ/ICk8USgNTXQShgHhz4c
1esFDq0lj5AkUlQLv1B0SFQevNUzoeznkcBCH6ztNZgdY4SyI949uTsaTs2D3el5
+MkTUFGY1llKKn+kdGw+A7FrrmPYiyUXnxyb2MKb85XfXkFWebCwpzMNY0VcEfX9
UP7O6o8DXUMBKCy7KCon
=K/fk
-----END PGP SIGNATURE-----
Reply to: