[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2015/dla-247.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-247.wml	2016-04-08 01:24:54.000000000 +0500
+++ russian/security/2015/dla-247.wml	2016-05-12 23:16:25.642042735 +0500
@@ -1,50 +1,51 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets
- -Layer toolkit.</p>
+<p>Ð? OpenSSL, набоÑ?е инÑ?Ñ?Ñ?Ñ?менÑ?ов Secure Sockets Layer, бÑ?ли обнаÑ?Ñ?женÑ?
+многоÑ?иÑ?леннÑ?е Ñ?Ñ?звимоÑ?Ñ?и.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-8176";>CVE-2014-8176</a>
 
- -    <p>Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered
- -    that an invalid memory free could be triggered when buffering DTLS
- -    data. This could allow remote attackers to cause a denial of service
- -    (crash) or potentially execute arbitrary code. This issue only
- -    affected the oldstable distribution (wheezy).</p></li>
+    <p>Ð?Ñ?авеен Ð?аÑ?иÑ?наÑ?алли, Ð?йван ФÑ?аÑ?Ñ?ик и ФеликÑ? Ð?Ñ?Ñ?беÑ?Ñ? обнаÑ?Ñ?жили,
+    Ñ?Ñ?о можеÑ? пÑ?оиÑ?Ñ?одиÑ?Ñ? некоÑ?Ñ?екÑ?ное оÑ?вобождение памÑ?Ñ?и пÑ?и бÑ?Ñ?еÑ?изаÑ?ии
+    даннÑ?Ñ? DTLS. ЭÑ?о можеÑ? позволиÑ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+    (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полниÑ?Ñ? пÑ?оизволÑ?нÑ?й код. ЭÑ?а пÑ?облема каÑ?аеÑ?Ñ?Ñ?
+    Ñ?олÑ?ко пÑ?едÑ?дÑ?Ñ?его Ñ?Ñ?абилÑ?ного вÑ?пÑ?Ñ?ка (wheezy).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1789";>CVE-2015-1789</a>
 
- -    <p>Robert Swiecki and Hanno Böck discovered that the X509_cmp_time
- -    function could read a few bytes out of bounds. This could allow remote
- -    attackers to cause a denial of service (crash) via crafted
- -    certificates and CRLs.</p></li>
+    <p>РобеÑ?Ñ? Свики и Ханно Ð?Ñ?к обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?Ñ?нкÑ?иÑ? X509_cmp_time можеÑ? Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ?
+    неÑ?колÑ?ко байÑ? за гÑ?аниÑ?ами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и. ЭÑ?о можеÑ? позволиÑ?Ñ? Ñ?далÑ?ннÑ?м
+    злоÑ?мÑ?Ñ?ленникам вÑ?зваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но
+    Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? Ñ?еÑ?Ñ?иÑ?икаÑ?ов и CRL.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1790";>CVE-2015-1790</a>
 
- -    <p>Michal Zalewski discovered that the PKCS#7 parsing code did not
- -    properly handle missing content which could lead to a NULL pointer
- -    dereference. This could allow remote attackers to cause a denial of
- -    service (crash) via crafted ASN.1-encoded PKCS#7 blobs.</p></li>
+    <p>Ð?иÑ?ал Ð?алевÑ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о код длÑ? вÑ?полнениÑ? гÑ?аммаÑ?иÑ?еÑ?кого Ñ?азбоÑ?а PKCS#7
+    непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ?ее Ñ?одеÑ?жимое, Ñ?Ñ?о пÑ?иводиÑ? к Ñ?азÑ?менованиÑ?
+    NULL-Ñ?казаÑ?елÑ?. ЭÑ?о можеÑ? позволиÑ?Ñ? Ñ?далÑ?ннÑ?Ñ? злоÑ?мÑ?Ñ?ленникам вÑ?зваÑ?Ñ? оÑ?каз в
+    обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) пÑ?и помоÑ?и Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? закодиÑ?ованнÑ?Ñ? Ñ? помоÑ?Ñ?Ñ? ASN.1 двоиÑ?нÑ?Ñ? даннÑ?Ñ? PKCS#7.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1791";>CVE-2015-1791</a>
 
- -    <p>Emilia Käsper discovered that a race condition could occur due to
- -    incorrect handling of NewSessionTicket in a multi-threaded client,
- -    leading to a double free. This could allow remote attackers to cause
- -    a denial of service (crash).</p></li>
+    <p>ЭмилиÑ? Ð?Ñ?Ñ?пеÑ? обнаÑ?Ñ?жила, Ñ?Ñ?о из-за некоÑ?Ñ?екÑ?ной обÑ?абоÑ?ки NewSessionTicket в многопоÑ?оÑ?ном
+    клиенÑ?е можеÑ? возникаÑ?Ñ? Ñ?оÑ?Ñ?оÑ?ние гонки, коÑ?оÑ?ое
+    пÑ?иводиÑ? к двойномÑ? оÑ?вобождениÑ? памÑ?Ñ?и. ЭÑ?о можеÑ? позволиÑ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-1792";>CVE-2015-1792</a>
 
- -    <p>Johannes Bauer discovered that the CMS code could enter an infinite
- -    loop when verifying a signedData message, if presented with an
- -    unknown hash function OID. This could allow remote attackers to cause
- -    a denial of service.</p></li>
+    <p>Ð?оÑ?аннеÑ? Ð?аÑ?еÑ? обнаÑ?Ñ?жил, Ñ?Ñ?о код CMS можеÑ? войÑ?и в беÑ?конеÑ?нÑ?й
+    Ñ?икл пÑ?и пÑ?овеÑ?ке Ñ?ообÑ?ениÑ? signedData в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли емÑ? попадаеÑ?Ñ?Ñ?
+    неизвеÑ?Ñ?нÑ?й OID Ñ?еÑ?-Ñ?Ñ?нкÑ?ии. ЭÑ?о можеÑ? позволиÑ?Ñ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании.</p></li>
 
 </ul>
 
- -<p>Additionally OpenSSL will now reject handshakes using DH parameters
- -shorter than 768 bits as a countermeasure against the Logjam attack
+<p>Ð?Ñ?оме Ñ?ого, OpenSSL Ñ?епеÑ?Ñ? оÑ?клонÑ?еÑ? Ñ?Ñ?копожаÑ?иÑ?, иÑ?полÑ?зÑ?Ñ?Ñ?ие паÑ?амеÑ?Ñ?Ñ? DH
+коÑ?оÑ?е 768 биÑ?, Ñ?Ñ?о Ñ?влÑ?еÑ?Ñ?Ñ? конÑ?Ñ?меÑ?ой аÑ?аке Logjam
 (<a href="https://security-tracker.debian.org/tracker/CVE-2015-4000";>CVE-2015-4000</a>).</p>
 </define-tag>
 
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXNMh8AAoJEF7nbuICFtKlVwYP/1CcJMMrjGGRm5QmIKnxBIgf
OCuHXeYNrVaWGzfYs5lgj6b0vQInw5no8xojfZ0QjcaP1mUbCLGCsaGSr3ox+gwf
5ZMFkFZkIZ7FqGq9Ge4t97LgK9G3yfoUCQYC6tcBhCV46zs9MkqjKvu6LjHO46Mw
hemv7QJiPO1oRM8UOoSuSnbg6oMiK4Z1G0w/0kevvVYs+dSQeGLz9eQntu7m7erB
X8Rhsiq6QQTFQcbY6G8PaaU1WuQBO2JOZC7uXSaMyrUekLyCp6fRvXLw9Udw/SkF
DXQo8/EnTTjp099f+itc7mx1QqqU5NVB81i18kH+3xqlQ2R8F2IXnbwEhTmVy6Hj
9R0ttpXMVNgf0N5GgGdYREtWdme3laLtbwpxBYKBKEMUL5T13IpdKnEHTPcL7jbP
cejq/Y7WDI92lIZWHdBS1cmSKGJKt85Da0pxQ7LtCqv9o9AcL9veN/LF0QJoWPyT
otRGi7c162XaplrazenFav27ziyYvefpwwPVg+Bc9ioruhzAdi9cFfXvPrH4WuaO
FFlMAME1rjjvyDDfUiVDGwgVBSo/T9eHZbHG/oVNK1iEsYUVDO82XfEjAFrzHdxw
0AWgtW7kPXvp+yfQKCLkTqCdmKAKTXMv5l7Zi0yVxvnN9mxgdVUwNMO8Ch04mDGI
EWTxr1AqDADfIZ4p9HCl
=qHhh
-----END PGP SIGNATURE-----
Reply to: