
[DONE] wml://{security/2016/dsa-3580.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dsa-3580.wml	2016-05-16 23:44:47.000000000 +0500
+++ russian/security/2016/dsa-3580.wml	2016-05-16 23:53:12.734117682 +0500
@@ -1,31 +1,32 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered
- -several vulnerabilities in ImageMagick, a program suite for image
- -manipulation. These vulnerabilities, collectively known as ImageTragick,
- -are the consequence of lack of sanitization of untrusted input. An
- -attacker with control on the image input could, with the privileges of
- -the user running the application, execute code
- -(<a href="https://security-tracker.debian.org/tracker/CVE-2016-3714";>CVE-2016-3714</a>), make HTTP
- -GET or FTP requests (<a href="https://security-tracker.debian.org/tracker/CVE-2016-3718";>CVE-2016-3718</a>),
- -or delete (<a href="https://security-tracker.debian.org/tracker/CVE-2016-3715";>CVE-2016-3715</a>), move
- -(<a href="https://security-tracker.debian.org/tracker/CVE-2016-3716";>CVE-2016-3716</a>), or read
- -(<a href="https://security-tracker.debian.org/tracker/CVE-2016-3717";>CVE-2016-3717</a>) local files.</p>
+<p>Ð?иколай Ð?Ñ?миÑ?кин из командÑ? безопаÑ?ноÑ?Ñ?и Mail.Ru и СÑ?Ñ?Ñ?и обнаÑ?Ñ?жили
+неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей в ImageMagick, набоÑ?е пÑ?огÑ?амм длÑ? Ñ?абоÑ?Ñ? Ñ?
+изобÑ?ажениÑ?ми. ЭÑ?и Ñ?Ñ?звимоÑ?Ñ?и, коÑ?оÑ?Ñ?е вмеÑ?Ñ?е извеÑ?Ñ?нÑ? под названием ImageTragick,
+Ñ?влÑ?Ñ?Ñ?Ñ?Ñ? Ñ?ледÑ?Ñ?виÑ?ми оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?виÑ? оÑ?иÑ?Ñ?ки недовеÑ?еннÑ?Ñ? вÑ?однÑ?Ñ? даннÑ?Ñ?. Ð?лоÑ?мÑ?Ñ?ленник,
+имеÑ?Ñ?ий возможноÑ?Ñ?Ñ? менÑ?Ñ?Ñ? вÑ?одное изобÑ?ажение, можеÑ? Ñ? пÑ?авами полÑ?зоваÑ?елÑ?, запÑ?Ñ?Ñ?ивÑ?его
+пÑ?иложение, вÑ?полнÑ?Ñ?Ñ? код
+(<a href="https://security-tracker.debian.org/tracker/CVE-2016-3714";>CVE-2016-3714</a>), делаÑ?Ñ? HTTP-запÑ?оÑ?Ñ?
+GET или FTP-запÑ?оÑ?Ñ? (<a href="https://security-tracker.debian.org/tracker/CVE-2016-3718";>CVE-2016-3718</a>),
+Ñ?далÑ?Ñ?Ñ? (<a href="https://security-tracker.debian.org/tracker/CVE-2016-3715";>CVE-2016-3715</a>), пеÑ?емеÑ?аÑ?Ñ?
+(<a href="https://security-tracker.debian.org/tracker/CVE-2016-3716";>CVE-2016-3716</a>) или Ñ?Ñ?иÑ?Ñ?ваÑ?Ñ?
+(<a href="https://security-tracker.debian.org/tracker/CVE-2016-3717";>CVE-2016-3717</a>) локалÑ?нÑ?е Ñ?айлÑ?.</p>
 
- -<p>These vulnerabilities are particularly critical if Imagemagick processes
- -images coming from remote parties, such as part of a web service.</p>
+<p>ЭÑ?и Ñ?Ñ?звимоÑ?Ñ?и оÑ?обенно кÑ?иÑ?иÑ?нÑ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли Imagemagick обÑ?абаÑ?Ñ?ваеÑ?
+изобÑ?ажениÑ?, иÑ?Ñ?одÑ?Ñ?ие оÑ? Ñ?далÑ?ннÑ?Ñ? Ñ?Ñ?оÑ?он, Ñ?акиÑ? как веб-Ñ?лÑ?жбÑ?.</p>
 
- -<p>The update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and
- -PLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. In
- -addition, we introduce extra preventions, including some sanitization for
- -input filenames in http/https delegates, the full remotion of PLT/Gnuplot
- -decoder, and the need of explicit reference in the filename for the
- -insecure coders.</p>
+<p>Ð?анное обновление оÑ?клÑ?Ñ?аеÑ? Ñ?Ñ?звимÑ?е пÑ?еобÑ?азоваÑ?ели (EPHEMERAL, URL, MVG, MSL и
+PLT) и непÑ?Ñ?мое Ñ?Ñ?ение в Ñ?айле /etc/ImageMagick-6/policy.xml. Ð?Ñ?оме
+Ñ?ого, мÑ? добавили дополниÑ?елÑ?нÑ?е огÑ?аниÑ?ениÑ?, вклÑ?Ñ?аÑ? некоÑ?оÑ?Ñ?Ñ? оÑ?иÑ?Ñ?кÑ? имÑ?н
+вÑ?одÑ?Ñ?иÑ? Ñ?айлов в делегиÑ?овании http/https, полное пеÑ?емеÑ?ение декодеÑ?а
+PLT/Gnuplot, а Ñ?акже необÑ?одимоÑ?Ñ?Ñ? Ñ?вной Ñ?Ñ?Ñ?лки в имени Ñ?айла длÑ?
+небезопаÑ?нÑ?Ñ? пÑ?еобÑ?азоваÑ?елей.</p>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 8:6.8.9.9-5+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 8:6.8.9.9-5+deb8u2.</p>
 
- -<p>We recommend that you upgrade your imagemagick packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? imagemagick.</p>
 </define-tag>
 
 # do not modify the following line
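Review bot: In the added paragraph about the disabled coders, the noun placed before "PLT/Gnuplot" appears to share its root with the verb used earlier for "move" (CVE-2016-3716), so the Russian says the decoder was relocated; the English "full remotion of PLT/Gnuplot decoder" means the decoder was removed, and "удаление" would carry that. In the same paragraph the translation attaches /etc/ImageMagick-6/policy.xml to the indirect reads ("in the file"), whereas the original says the coders and indirect reads are disabled via that file; rewording it so that policy.xml is the mechanism keeps the mitigation clear for administrators. The second paragraph also reads as "remote parties, such as web services", while the source describes images from remote parties being processed as part of a web service.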
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

