
[DONE] wml://{security/2015/dla-341.wml}



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-341.wml	2016-06-03 23:16:41.000000000 +0500
+++ russian/security/2015/dla-341.wml	2016-06-03 23:15:39.840456187 +0500
@@ -1,60 +1,61 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
 <ul>
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6831";>CVE-2015-6831</a>
- -     <p>Use after free vulnerability was found in unserialize() function.
- -     We can create ZVAL and free it via Serializable::unserialize.
- -     However the unserialize() will still allow to use R: or r: to set
- -     references to that already freed memory. It is possible to
- -     use-after-free attack and execute arbitrary code remotely.</p></li>
+     <p>Ð? Ñ?Ñ?нкÑ?ии unserialize() бÑ?ло обнаÑ?Ñ?жено иÑ?полÑ?зование Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и.
+     Ð?ожно Ñ?оздаÑ?Ñ? ZVAL и оÑ?вободиÑ?Ñ? еÑ? Ñ?еÑ?ез Serializable::unserialize.
+     Тем не менее, unserialize() вÑ?Ñ? еÑ?Ñ? бÑ?деÑ? позволÑ?Ñ?Ñ? иÑ?полÑ?зоваÑ?Ñ? R: или r: длÑ? Ñ?ого, Ñ?Ñ?обÑ?
+     Ñ?Ñ?Ñ?ановиÑ?Ñ? Ñ?казаÑ?ели на Ñ?Ñ?Ñ? Ñ?же оÑ?вобождÑ?ннÑ?Ñ? памÑ?Ñ?Ñ?. Ð?ожно пÑ?овеÑ?Ñ?и аÑ?акÑ? по иÑ?полÑ?зованиÑ?
+     Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и и Ñ?далÑ?нно вÑ?полниÑ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6832";>CVE-2015-6832</a>
- -     <p>Dangling pointer in the unserialization of ArrayObject items.</p></li>
+     <p>СÑ?Ñ?лка на неÑ?Ñ?Ñ?еÑ?Ñ?вÑ?Ñ?Ñ?ий обÑ?екÑ? в деÑ?еÑ?иализаÑ?ии запиÑ?ей ArrayObject.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6833";>CVE-2015-6833</a>
- -     <p>Files extracted from archive may be placed outside of destination
- -     directory</p></li>
+     <p>Ð?звлеÑ?Ñ?ннÑ?е из аÑ?Ñ?ива Ñ?айлÑ? могÑ?Ñ? бÑ?Ñ?Ñ? помеÑ?енÑ? за пÑ?еделÑ? Ñ?елевого
+     каÑ?алога.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6834";>CVE-2015-6834</a>
- -     <p>Use after free vulnerability was found in unserialize() function.
- -     We can create ZVAL and free it via Serializable::unserialize.
- -     However the unserialize() will still allow to use R: or r: to set
- -     references to that already freed memory. It is possible to
- -     use-after-free attack and execute arbitrary code remotely.</p></li>
+     <p>Ð? Ñ?Ñ?нкÑ?ии unserialize() бÑ?ло обнаÑ?Ñ?жено иÑ?полÑ?зование Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и.
+     Ð?ожно Ñ?оздаÑ?Ñ? ZVAL и оÑ?вободиÑ?Ñ? еÑ? Ñ?еÑ?ез Serializable::unserialize.
+     Тем не менее, unserialize() вÑ?Ñ? еÑ?Ñ? бÑ?деÑ? позволÑ?Ñ?Ñ? иÑ?полÑ?зоваÑ?Ñ? R: или r: длÑ? Ñ?ого, Ñ?Ñ?обÑ?
+     Ñ?Ñ?Ñ?ановиÑ?Ñ? Ñ?казаÑ?ели на Ñ?Ñ?Ñ? Ñ?же оÑ?вобождÑ?ннÑ?Ñ? памÑ?Ñ?Ñ?. Ð?ожно пÑ?овеÑ?Ñ?и аÑ?акÑ? по иÑ?полÑ?зованиÑ?
+     Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и и Ñ?далÑ?нно вÑ?полниÑ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6836";>CVE-2015-6836</a>
- -     <p>A type confusion occurs within SOAP serialize_function_call due
- -     to an insufficient validation of the headers field.
- -     In the SoapClient's __call method, the verify_soap_headers_array
- -     check is applied only to headers retrieved from
- -     zend_parse_parameters; problem is that a few lines later,
- -     soap_headers could be updated or even replaced with values from
- -     the __default_headers object fields.</p></li>
+     <p>Ð? SOAP serialize_function_call возникаеÑ? оÑ?ибка Ñ?ипа из-за
+     недоÑ?Ñ?аÑ?оÑ?ной пÑ?овеÑ?ки полÑ? заголовков.
+     Ð? меÑ?оде __call из SoapClient пÑ?овеÑ?ка verify_soap_headers_array
+     пÑ?именÑ?еÑ?Ñ?Ñ? Ñ?олÑ?ко к заголовкам, полÑ?Ñ?еннÑ?м из
+     zend_parse_parameters; пÑ?облема Ñ?оÑ?Ñ?оиÑ? в Ñ?ом, Ñ?Ñ?о Ñ?еÑ?ез неÑ?колÑ?ко Ñ?Ñ?Ñ?ок
+     знаÑ?ение soap_headers можеÑ? бÑ?Ñ?Ñ? обновлено или заменено знаÑ?ениÑ?ми из
+     обÑ?екÑ?ного полÑ? __default_headers.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6837";>CVE-2015-6837</a>
- -     <p>The XSLTProcessor class misses a few checks on the input from the
- -     libxslt library. The valuePop() function call is able to return
- -     NULL pointer and php does not check that.</p></li>
+     <p>Ð? клаÑ?Ñ?е XSLTProcessor оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ? пÑ?овеÑ?ки вÑ?однÑ?Ñ? даннÑ?Ñ? из
+     библиоÑ?еки libxslt. Ð?Ñ?зов Ñ?Ñ?нкÑ?ии valuePop() можеÑ? возвÑ?аÑ?иÑ?Ñ?
+     NULL-Ñ?казаÑ?елÑ?, а PHP не вÑ?полнÑ?еÑ? его пÑ?овеÑ?кÑ?.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-6838";>CVE-2015-6838</a>
- -     <p>The XSLTProcessor class misses a few checks on the input from the
- -     libxslt library. The valuePop() function call is able to return
- -     NULL pointer and php does not check that.</p></li>
+     <p>Ð? клаÑ?Ñ?е XSLTProcessor оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вÑ?Ñ?Ñ? пÑ?овеÑ?ки вÑ?однÑ?Ñ? даннÑ?Ñ? из
+     библиоÑ?еки libxslt. Ð?Ñ?зов Ñ?Ñ?нкÑ?ии valuePop() можеÑ? возвÑ?аÑ?иÑ?Ñ?
+     NULL-Ñ?казаÑ?елÑ?, а PHP не вÑ?полнÑ?еÑ? его пÑ?овеÑ?кÑ?.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7803";>CVE-2015-7803</a>
- -     <p>A NULL pointer dereference flaw was found in the way PHP's Phar
- -     extension parsed Phar archives. A specially crafted archive could
- -     cause PHP to crash.</p></li>
+     <p>Ð? Ñ?поÑ?обе, иÑ?полÑ?зÑ?емом в Ñ?аÑ?Ñ?иÑ?ении Phar длÑ? PHP длÑ? гÑ?аммаÑ?иÑ?еÑ?кого
+     Ñ?азбоÑ?а аÑ?Ñ?ивов Phar, бÑ?ло обнаÑ?Ñ?жено Ñ?азÑ?менование NULL-Ñ?казаÑ?елÑ?. СпеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й
+     аÑ?Ñ?ив можеÑ? пÑ?ивеÑ?Ñ?и к аваÑ?ийной оÑ?Ñ?ановке PHP.</p></li>
 
    <li><a href="https://security-tracker.debian.org/tracker/CVE-2015-7804";>CVE-2015-7804</a>
- -     <p>An uninitialized pointer use flaw was found in the
- -     phar_make_dirstream() function of PHP's Phar extension.
- -     A specially crafted phar file in the ZIP format with a directory
- -     entry with a file name "/ZIP" could cause a PHP application
- -     function to crash.</p></li>
+     <p>Ð? Ñ?Ñ?нÑ?ии phar_make_dirstream() из Ñ?аÑ?Ñ?иÑ?ениÑ? Phar длÑ? PHP бÑ?ло
+     обнаÑ?Ñ?жено иÑ?полÑ?зование неиниÑ?иализиÑ?ованного Ñ?казаÑ?елÑ?.
+     СпеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованнÑ?й Ñ?айл phar в Ñ?оÑ?маÑ?е ZIP Ñ? каÑ?алогом, Ñ?одеÑ?жаÑ?им
+     Ñ?айл Ñ? именем "/ZIP", можеÑ? вÑ?зÑ?ваÑ?Ñ? аваÑ?ийнÑ?Ñ? оÑ?Ñ?ановкÑ? пÑ?иложениÑ?
+     PHP.</p></li>
 </ul>
 </define-tag>
 
 # do not modify the following line
 #include "$(ENGLISHDIR)/security/2015/dla-341.data"
- -# $Id: dla-341.wml,v 1.3 2016/06/03 18:16:41 dogsleg Exp $
+# $Id: dla-341.wml,v 1.2 2016/04/07 20:24:54 djpig Exp $
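Review bot: In the CVE-2015-7804 item the translated sentence describes a ZIP-format phar file with a directory that contains a file named "/ZIP", while the English line it replaces says `a directory entry with a file name "/ZIP"`, meaning the entry itself carries that name. Please reword the translation so the name belongs to the directory entry. In the same paragraph, the word for "function" in front of phar_make_dirstream() is one letter shorter than the spelling used before unserialize() in the CVE-2015-6831 item and before valuePop() in the CVE-2015-6837 item (the "к" is missing), so that typo should be fixed too.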
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

