[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2015/dla-165.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2015/dla-165.wml	2016-04-07 03:47:55.000000000 +0500
+++ russian/security/2015/dla-165.wml	2016-06-08 16:56:24.834147806 +0500
@@ -1,7 +1,8 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.2" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been fixed in eglibc, Debian's version of
- -the GNU C library.</p>
+<p>Ð? eglibc, веÑ?Ñ?ии библиоÑ?еки GNU C длÑ? Debian, бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко
+Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
@@ -9,118 +10,118 @@
 <a href="https://security-tracker.debian.org/tracker/CVE-2015-1472";>CVE-2015-1472</a>,
 <a href="https://security-tracker.debian.org/tracker/CVE-2015-1473";>CVE-2015-1473</a>
 
- -    <p>The scanf family of functions do not properly limit stack
- -    allocation, which allows context-dependent attackers to cause a
- -    denial of service (crash) or possibly execute arbitrary code.</p>
+    <p>СемейÑ?Ñ?во Ñ?Ñ?нкÑ?ий scanf непÑ?авилÑ?но огÑ?аниÑ?иваеÑ? вÑ?деление
+    Ñ?Ñ?ека, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-3405";>CVE-2012-3405</a>
 
- -    <p>The printf family of functions do not properly calculate a buffer
- -    length, which allows context-dependent attackers to bypass the
- -    FORTIFY_SOURCE format-string protection mechanism and cause a
- -    denial of service.</p></li>
+    <p>СемейÑ?Ñ?во Ñ?Ñ?нкÑ?ий printf непÑ?авилÑ?но вÑ?Ñ?иÑ?лÑ?еÑ? длинÑ?
+    бÑ?Ñ?еÑ?а, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а обÑ?одиÑ?Ñ?
+    меÑ?анизма заÑ?иÑ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки FORTIFY_SOURCE и вÑ?зÑ?ваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-3406";>CVE-2012-3406</a>
 
- -    <p>The printf family of functions do not properly limit stack
- -    allocation, which allows context-dependent attackers to bypass the
- -    FORTIFY_SOURCE format-string protection mechanism and cause a
- -    denial of service (crash) or possibly execute arbitrary code via a
- -    crafted format string.</p></li>
+    <p>СемейÑ?Ñ?во Ñ?Ñ?нкÑ?ий printf непÑ?авилÑ?но огÑ?аниÑ?иваеÑ? вÑ?деление
+    Ñ?Ñ?ека, Ñ?Ñ?о позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а обÑ?одиÑ?Ñ?
+    меÑ?анизм заÑ?иÑ?Ñ? Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки FORTIFY_SOURCE и вÑ?зÑ?ваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ?
+    Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованной Ñ?оÑ?маÑ?ной Ñ?Ñ?Ñ?оки.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-3480";>CVE-2012-3480</a>
 
- -    <p>Multiple integer overflows in the strtod, strtof, strtold,
- -    strtod_l, and other related functions allow local users to cause a
- -    denial of service (application crash) and possibly execute
- -    arbitrary code via a long string, which triggers a stack-based
- -    buffer overflow.</p></li>
+    <p>Ð?ногоÑ?иÑ?леннÑ?е пеÑ?еполнениÑ? Ñ?елÑ?Ñ? Ñ?иÑ?ел в strtod, strtof, strtold,
+    strtod_l и дÑ?Ñ?гиÑ? Ñ?вÑ?заннÑ?Ñ? Ñ?Ñ?нкÑ?иÑ?Ñ? позволÑ?Ñ?Ñ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) и поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ?
+    пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длиннÑ?Ñ? Ñ?Ñ?Ñ?ок, вÑ?зÑ?ваÑ?Ñ?иÑ? пеÑ?еполнение
+    бÑ?Ñ?еÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-4412";>CVE-2012-4412</a>
 
- -    <p>Integer overflow in the strcoll and wcscoll functions allows
- -    context-dependent attackers to cause a denial of service (crash)
- -    or possibly execute arbitrary code via a long string, which
- -    triggers a heap-based buffer overflow.</p></li>
+    <p>Ð?еÑ?еполнение Ñ?елÑ?Ñ? Ñ?иÑ?ел в Ñ?Ñ?нкÑ?иÑ?Ñ? strcoll и wcscoll позволÑ?Ñ?Ñ?
+    злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка)
+    или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длиннÑ?Ñ? Ñ?Ñ?Ñ?ок, вÑ?зÑ?ваÑ?Ñ?иÑ?
+    пеÑ?еполнение динамиÑ?еÑ?кой памÑ?Ñ?и.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2012-4424";>CVE-2012-4424</a>
 
- -    <p>Stack-based buffer overflow in the strcoll and wcscoll functions
- -    allows context-dependent attackers to cause a denial of service
- -    (crash) or possibly execute arbitrary code via a long string that
- -    triggers a malloc failure and use of the alloca function.</p></li>
+    <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?иÑ?Ñ? strcoll и wcscoll
+    позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+    (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? длиннÑ?Ñ? Ñ?Ñ?Ñ?ок,
+    вÑ?зÑ?ваÑ?Ñ?иÑ? оÑ?ибкÑ? malloc и иÑ?полÑ?зование Ñ?Ñ?нкÑ?ии alloca.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-0242";>CVE-2013-0242</a>
 
- -    <p>Buffer overflow in the extend_buffers function in the regular
- -    expression matcher allows context-dependent attackers to cause a
- -    denial of service (memory corruption and crash) via crafted
- -    multibyte characters.</p></li>
+    <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?ии extend_buffers в коде Ñ?Ñ?авнениÑ?
+    длÑ? Ñ?егÑ?лÑ?Ñ?нÑ?Ñ? вÑ?Ñ?ажений позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании (повÑ?еждение Ñ?одеÑ?жимого памÑ?Ñ?и и аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но
+    Ñ?Ñ?оÑ?миÑ?ованнÑ?Ñ? многобайÑ?овÑ?Ñ? Ñ?имволов.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-1914";>CVE-2013-1914</a>,
     <a href="https://security-tracker.debian.org/tracker/CVE-2013-4458";>CVE-2013-4458</a>
 
- -    <p>Stack-based buffer overflow in the getaddrinfo function allows
- -    remote attackers to cause a denial of service (crash) via a
- -    hostname or IP address that triggers a large number of domain
- -    conversion results.</p></li>
+    <p>Ð?еÑ?еполнение бÑ?Ñ?еÑ?а в Ñ?Ñ?нкÑ?ии getaddrinfo позволÑ?еÑ?
+    Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ?
+    имени Ñ?зла или IP адÑ?еÑ?а, коÑ?оÑ?Ñ?е пÑ?и иÑ? обÑ?абоÑ?ке кодом длÑ? пÑ?еобÑ?азованиÑ? домена
+    пÑ?иводÑ?Ñ? к поÑ?ождениÑ? болÑ?Ñ?ого Ñ?иÑ?ла Ñ?езÑ?лÑ?Ñ?аÑ?ов пÑ?еобÑ?азованиÑ?.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4237";>CVE-2013-4237</a>
 
- -    <p>readdir_r allows context-dependent attackers to cause a denial of
- -    service (out-of-bounds write and crash) or possibly execute
- -    arbitrary code via a malicious NTFS image or CIFS service.</p></li>
+    <p>readdir_r позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+    обÑ?лÑ?живании (запиÑ?Ñ? за пÑ?еделами вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и и аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ?
+    пÑ?оизволÑ?нÑ?й код Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но подгоÑ?овленного обÑ?аза NTFS или Ñ?лÑ?жбÑ? CIFS.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4332";>CVE-2013-4332</a>
 
- -    <p>Multiple integer overflows in malloc/malloc.c allow
- -    context-dependent attackers to cause a denial of service (heap
- -    corruption) via a large value to the pvalloc, valloc,
- -    posix_memalign, memalign, or aligned_alloc functions.</p></li>
+    <p>Ð?ногоÑ?иÑ?леннÑ?е пеÑ?еполнениÑ? Ñ?елÑ?Ñ? Ñ?иÑ?ел в malloc/malloc.c позволÑ?Ñ?Ñ?
+    злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (повÑ?еждение
+    Ñ?одеÑ?жимого динамиÑ?еÑ?кой памÑ?Ñ?и) Ñ? помоÑ?Ñ?Ñ? болÑ?Ñ?ого знаÑ?ениÑ?, пеÑ?едаваемого Ñ?Ñ?нкÑ?иÑ?м pvalloc,
+    valloc, posix_memalign, memalign или aligned_alloc.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4357";>CVE-2013-4357</a>
 
- -    <p>The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
- -    getservbyname_r, getservbyport, getservbyport_r, and glob
- -    functions do not properly limit stack allocation, which allows
- -    context-dependent attackers to cause a denial of service (crash)
- -    or possibly execute arbitrary code.</p></li>
+    <p>ФÑ?нкÑ?ии getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
+    getservbyname_r, getservbyport, getservbyport_r и glob
+    непÑ?авилÑ?но огÑ?аниÑ?иваÑ?Ñ? вÑ?деление Ñ?Ñ?ека, Ñ?Ñ?о позволÑ?еÑ?
+    злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка)
+    или поÑ?енÑ?иалÑ?но вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4788";>CVE-2013-4788</a>
 
- -    <p>When the GNU C library is statically linked into an executable,
- -    the PTR_MANGLE implementation does not initialize the random value
- -    for the pointer guard, so that various hardening mechanisms are not
- -    effective.</p></li>
+    <p>Ð?Ñ?ли библиоÑ?ека GNU C Ñ?Ñ?аÑ?иÑ?еÑ?ки Ñ?компонована в вÑ?полнÑ?емÑ?й Ñ?айл,
+    Ñ?о Ñ?еализаÑ?иÑ? PTR_MANGLE не вÑ?полнÑ?еÑ? иниÑ?иализаÑ?иÑ? Ñ?лÑ?Ñ?айного знаÑ?ениÑ?
+    длÑ? заÑ?иÑ?ника Ñ?казаÑ?елей, поÑ?Ñ?омÑ? Ñ?азлиÑ?нÑ?е меÑ?анизмÑ? повÑ?Ñ?ениÑ? Ñ?Ñ?овнÑ? заÑ?иÑ?Ñ?нноÑ?Ñ?и
+    оказÑ?ваÑ?Ñ?Ñ?Ñ? неÑ?Ñ?Ñ?екÑ?ивнÑ?ми.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-7423";>CVE-2013-7423</a>
 
- -    <p>The send_dg function in resolv/res_send.c does not properly reuse
- -    file descriptors, which allows remote attackers to send DNS
- -    queries to unintended locations via a large number of requests that
- -    trigger a call to the getaddrinfo function.</p></li>
+    <p>ФÑ?нкÑ?иÑ? send_dg в resolv/res_send.c непÑ?авилÑ?но повÑ?оÑ?но иÑ?полÑ?зÑ?еÑ?
+    Ñ?айловÑ?е деÑ?кÑ?ипÑ?оÑ?Ñ?, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленника оÑ?Ñ?Ñ?лаÑ?Ñ?
+    DNS-запÑ?оÑ?Ñ? в неожиданнÑ?е меÑ?Ñ?а Ñ? помоÑ?Ñ?Ñ? болÑ?Ñ?ого Ñ?иÑ?ла запÑ?оÑ?ов, пÑ?иводÑ?Ñ?иÑ?
+    к вÑ?зовÑ? Ñ?Ñ?нкÑ?ии getaddrinfo.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-7424";>CVE-2013-7424</a>
 
- -    <p>The getaddrinfo function may attempt to free an invalid pointer
- -    when handling IDNs (Internationalised Domain Names), which allows
- -    remote attackers to cause a denial of service (crash) or possibly
- -    execute arbitrary code.</p></li>
+    <p>ФÑ?нкÑ?иÑ? getaddrinfo можеÑ? попÑ?Ñ?аÑ?Ñ?Ñ?Ñ? оÑ?вободиÑ?Ñ? некоÑ?Ñ?екÑ?нÑ?й Ñ?казаÑ?елÑ?
+    пÑ?и обÑ?абоÑ?ке IDN (инÑ?еÑ?наÑ?ионализиÑ?ованнÑ?Ñ? имÑ?н доменов), Ñ?Ñ?о позволÑ?еÑ?
+    Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но
+    вÑ?полнÑ?Ñ?Ñ? пÑ?оизволÑ?нÑ?й код.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4043";>CVE-2014-4043</a>
 
- -    <p>The posix_spawn_file_actions_addopen function does not copy its
- -    path argument in accordance with the POSIX specification, which
- -    allows context-dependent attackers to trigger use-after-free
- -    vulnerabilities.</p></li>
+    <p>ФÑ?нкÑ?иÑ? posix_spawn_file_actions_addopen не вÑ?полнÑ?еÑ? копиÑ?ование аÑ?гÑ?менÑ?а
+    пÑ?Ñ?и в Ñ?ооÑ?веÑ?Ñ?Ñ?вии Ñ?о Ñ?пеÑ?иÑ?икаÑ?ией POSIX, Ñ?Ñ?о
+    позволÑ?еÑ? злоÑ?мÑ?Ñ?ленникам в завиÑ?имоÑ?Ñ?и оÑ? конÑ?екÑ?Ñ?а вÑ?зÑ?ваÑ?Ñ? иÑ?полÑ?зование
+    Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и.</p></li>
 
 </ul>
 
- -<p>For the oldstable distribution (squeeze), these problems have been fixed
- -in version 2.11.3-4+deb6u5.</p>
+<p>Ð? пÑ?едÑ?дÑ?Ñ?ем Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (squeeze) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ?
+в веÑ?Ñ?ии 2.11.3-4+deb6u5.</p>
 
- -<p>For the stable distribution (wheezy), these problems were fixed in
- -version 2.13-38+deb7u8 or earlier.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (wheezy) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 2.13-38+deb7u8 или более Ñ?анниÑ?.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXWAfwAAoJEF7nbuICFtKlMqwP/RBpj1jyINXKnm+IR6c1hfG9
YwTLiLr6IEOeZCZ2ohxA3GEVkmRyGuMoxOhXemKKYu9W+ZX1ODusXptW2Da1T8BH
Ci5Dh7pfeeMpZCcEFQ/4CBB4RqJTkp9NMOCGNJFiyaB6lvc3T9X/1xECJ0Aj5rAN
KvDZWWIUg6um/vtQFJqhH/gvMxnmYfg5rnplBA0vHto/FawGUS02fRBP2IwkqqUD
MRE1oCfxlbGTuIiTKFwKizHbFlfiJYFNThOp1e9lBqXQRtCBv2XzQN566BKMLxMs
NhJjZLaxQqpfDeerwEN3ud+xS9XEWEBSGCTk3+C+2mZs7/HFr+F+GtwqNb466w3Z
FXYOc4WY45pTzSYl0LreaN+MhSMeKAWHZXPfIr1KVvgkZGmNR/zu+kjVmjM3iKXB
Aph7ZP0OaqDIywtHAxOa1OhRBs3XJ6xXmk2Fjgshj8rCcpR0hRBhnkztMtaH+t6H
iKt0lq0TpLF3Aczm7JMBYdrZUZVTmXswptn4h4u7j2YI0+QLBPMl9f7OkPpnJvtW
asjt6L/Q1YMomzziaGjcDurk1tZGZ1kFhGWUptyY/5Xt9d3f0H+8kfGN9IPbU6Lf
G+3jCCj+s2V5igRuA2jse+bJzupn7xbbKrJHYS01QSsZhBUdonrWXCye6Xr7wDVQ
5uyq0Ru3iNt9LlIAqJNy
=u8qH
-----END PGP SIGNATURE-----
Reply to: