[DONE] wml://{security/2015/dla-341.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2015/dla-341.wml 2016-06-03 23:16:41.000000000 +0500
+++ russian/security/2015/dla-341.wml 2016-06-03 23:15:39.840456187 +0500
@@ -1,60 +1,61 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
<define-tag moreinfo>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6831">CVE-2015-6831</a>
- - <p>Use after free vulnerability was found in unserialize() function.
- - We can create ZVAL and free it via Serializable::unserialize.
- - However the unserialize() will still allow to use R: or r: to set
- - references to that already freed memory. It is possible to
- - use-after-free attack and execute arbitrary code remotely.</p></li>
+ <p>Ð? Ñ?Ñ?нкÑ?ии unserialize() бÑ?ло обнаÑ?Ñ?жено иÑ?полÑ?зование Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и.
+ Ð?ожно Ñ?оздаÑ?Ñ? ZVAL и оÑ?вободиÑ?Ñ? еÑ? Ñ?еÑ?ез Serializable::unserialize.
+ Тем не менее, unserialize() вÑ?Ñ? еÑ?Ñ? бÑ?деÑ? позволÑ?Ñ?Ñ? иÑ?полÑ?зоваÑ?Ñ? R: или r: длÑ? Ñ?ого, Ñ?Ñ?обÑ?
+ Ñ?Ñ?Ñ?ановиÑ?Ñ? Ñ?казаÑ?ели на Ñ?Ñ?Ñ? Ñ?же оÑ?вобождÑ?ннÑ?Ñ? памÑ?Ñ?Ñ?. Ð?ожно пÑ?овеÑ?Ñ?и аÑ?акÑ? по иÑ?полÑ?зованиÑ?
+ Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и и Ñ?далÑ?нно вÑ?полниÑ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6832">CVE-2015-6832</a>
- - <p>Dangling pointer in the unserialization of ArrayObject items.</p></li>
+ <p>СÑ?Ñ?лка на неÑ?Ñ?Ñ?еÑ?Ñ?вÑ?Ñ?Ñ?ий обÑ?екÑ? в деÑ?еÑ?иализаÑ?ии запиÑ?ей ArrayObject.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6833">CVE-2015-6833</a>
- - <p>Files extracted from archive may be placed outside of destination
- - directory</p></li>
+ <p>Ð?звлеÑ?Ñ?ннÑ?е из аÑ?Ñ?ива Ñ?айлÑ? могÑ?Ñ? бÑ?Ñ?Ñ? помеÑ?енÑ? за пÑ?еделÑ? Ñ?елевого
+ каÑ?алога.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6834">CVE-2015-6834</a>
- - <p>Use after free vulnerability was found in unserialize() function.
- - We can create ZVAL and free it via Serializable::unserialize.
- - However the unserialize() will still allow to use R: or r: to set
- - references to that already freed memory. It is possible to
- - use-after-free attack and execute arbitrary code remotely.</p></li>
+ <p>Ð? Ñ?Ñ?нкÑ?ии unserialize() бÑ?ло обнаÑ?Ñ?жено иÑ?полÑ?зование Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и.
+ Ð?ожно Ñ?оздаÑ?Ñ? ZVAL и оÑ?вободиÑ?Ñ? еÑ? Ñ?еÑ?ез Serializable::unserialize.
+ Тем не менее, unserialize() вÑ?Ñ? еÑ?Ñ? бÑ?деÑ? позволÑ?Ñ?Ñ? иÑ?полÑ?зоваÑ?Ñ? R: или r: длÑ? Ñ?ого, Ñ?Ñ?обÑ?
+ Ñ?Ñ?Ñ?ановиÑ?Ñ? Ñ?казаÑ?ели на Ñ?Ñ?Ñ? Ñ?же оÑ?вобождÑ?ннÑ?Ñ? памÑ?Ñ?Ñ?. Ð?ожно пÑ?овеÑ?Ñ?и аÑ?акÑ? по иÑ?полÑ?зованиÑ?
+ Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и и Ñ?далÑ?нно вÑ?полниÑ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6836">CVE-2015-6836</a>
- - <p>A type confusion occurs within SOAP serialize_function_call due
- - to an insufficient validation of the headers field.
- - In the SoapClient's __call method, the verify_soap_headers_array
- - check is applied only to headers retrieved from
- - zend_parse_parameters; problem is that a few lines later,
- - soap_headers could be updated or even replaced with values from
- - the __default_headers object fields.</p></li>
+ <p>Ð? SOAP serialize_function_call возникаеÑ? оÑ?ибка Ñ?ипа из-за
+ недоÑ?Ñ?аÑ?оÑ?ной пÑ?овеÑ?ки полÑ? заголовков.
+ Ð? меÑ?оде __call из SoapClient пÑ?овеÑ?ка verify_soap_headers_array
+ пÑ?именÑ?еÑ?Ñ?Ñ? Ñ?олÑ?ко к заголовкам, полÑ?Ñ?еннÑ?м из
+ zend_parse_parameters; пÑ?облема Ñ?оÑ?Ñ?оиÑ? в Ñ?ом, Ñ?Ñ?о Ñ?еÑ?ез неÑ?колÑ?ко Ñ?Ñ?Ñ?ок
+ знаÑ?ение soap_headers можеÑ? бÑ?Ñ?Ñ? обновлено или заменено знаÑ?ениÑ?ми из
+ обÑ?екÑ?ного полÑ? __default_headers.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6837">CVE-2015-6837</a>
- - <p>The XSLTProcessor class misses a few checks on the input from the
- - libxslt library. The valuePop() function call is able to return
- - NULL pointer and php does not check that.</p></li>
+ <p>Ð? клаÑ?Ñ?е XSLTProcessor оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ? пÑ?овеÑ?ки вÑ?однÑ?Ñ? даннÑ?Ñ? из
+ библиоÑ?еки libxslt. Ð?Ñ?зов Ñ?Ñ?нкÑ?ии valuePop() можеÑ? возвÑ?аÑ?иÑ?Ñ?
+ NULL-Ñ?казаÑ?елÑ?, а PHP не вÑ?полнÑ?еÑ? его пÑ?овеÑ?кÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6838">CVE-2015-6838</a>
- - <p>The XSLTProcessor class misses a few checks on the input from the
- - libxslt library. The valuePop() function call is able to return
- - NULL pointer and php does not check that.</p></li>
+ <p>Ð? клаÑ?Ñ?е XSLTProcessor оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ? пÑ?овеÑ?ки вÑ?однÑ?Ñ? даннÑ?Ñ? из
+ библиоÑ?еки libxslt. Ð?Ñ?зов Ñ?Ñ?нкÑ?ии valuePop() можеÑ? возвÑ?аÑ?иÑ?Ñ?
+ NULL-Ñ?казаÑ?елÑ?, а PHP не вÑ?полнÑ?еÑ? его пÑ?овеÑ?кÑ?.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7803">CVE-2015-7803</a>
- - <p>A NULL pointer dereference flaw was found in the way PHP's Phar
- - extension parsed Phar archives. A specially crafted archive could
- - cause PHP to crash.</p></li>
+ <p>Ð? Ñ?поÑ?обе, иÑ?полÑ?зÑ?емом в Ñ?аÑ?Ñ?иÑ?ении Phar длÑ? PHP длÑ? гÑ?аммаÑ?иÑ?еÑ?кого
+ Ñ?азбоÑ?а аÑ?Ñ?ивов Phar, бÑ?ло обнаÑ?Ñ?жено Ñ?азÑ?менование NULL-Ñ?казаÑ?елÑ?. СпеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й
+ аÑ?Ñ?ив можеÑ? пÑ?ивеÑ?Ñ?и к аваÑ?ийной оÑ?Ñ?ановке PHP.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7804">CVE-2015-7804</a>
- - <p>An uninitialized pointer use flaw was found in the
- - phar_make_dirstream() function of PHP's Phar extension.
- - A specially crafted phar file in the ZIP format with a directory
- - entry with a file name "/ZIP" could cause a PHP application
- - function to crash.</p></li>
+ <p>Ð? Ñ?Ñ?нÑ?ии phar_make_dirstream() из Ñ?аÑ?Ñ?иÑ?ениÑ? Phar длÑ? PHP бÑ?ло
+ обнаÑ?Ñ?жено иÑ?полÑ?зование неиниÑ?иализиÑ?ованного Ñ?казаÑ?елÑ?.
+ СпеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й Ñ?айл phar в Ñ?оÑ?маÑ?е ZIP Ñ? каÑ?алогом, Ñ?одеÑ?жаÑ?им
+ Ñ?айл Ñ? именем "/ZIP", можеÑ? вÑ?зÑ?ваÑ?Ñ? аваÑ?ийнÑ?Ñ? оÑ?Ñ?ановкÑ? пÑ?иложениÑ?
+ PHP.</p></li>
</ul>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2015/dla-341.data"
- -# $Id: dla-341.wml,v 1.3 2016/06/03 18:16:41 dogsleg Exp $
+# $Id: dla-341.wml,v 1.2 2016/04/07 20:24:54 djpig Exp $
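Review bot: in the CVE-2015-7804 paragraph, the word before phar_make_dirstream() is one letter short of the same word as it appears before unserialize() and valuePop() earlier in this hunk, so it looks like a typo for "функции" (the "к" is missing). In the same paragraph the English source describes "a directory entry with a file name "/ZIP"", meaning the entry itself carries that name, while the translated line appears to say the archive has a directory containing a file named "/ZIP". Consider rewording it so the name belongs to the directory entry. The Cyrillic in the added lines arrives mis-encoded in this message, so the rest of the translation could not be checked against the English line by line.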