[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://security/2014/dla-{81,27}.wml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2014/dla-27.wml	2016-04-09 01:32:21.000000000 +0500
+++ russian/security/2014/dla-27.wml	2016-06-28 13:23:17.831857308 +0500
@@ -1,55 +1,55 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.3" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Fix various denial of service attacks:</p>
+<p>Ð?Ñ?пÑ?авление Ñ?азлиÑ?нÑ?Ñ? аÑ?ак, напÑ?авленнÑ?Ñ? на вÑ?зов оÑ?каза в обÑ?лÑ?живании:</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3487";>CVE-2014-3487</a>
 
- -  <p>The cdf_read_property_info function does not properly validate a stream
- -  offset, which allows remote attackers to cause a denial of service
- -  (application crash) via a crafted CDF file.</p></li>
+  <p>ФÑ?нкÑ?иÑ? cdf_read_property_info непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? оÑ?Ñ?Ñ?Ñ?па
+  поÑ?ока, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+  (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла в Ñ?оÑ?маÑ?е CDF.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3480";>CVE-2014-3480</a>
 
- -  <p>The cdf_count_chain function in cdf.c in does not properly validate
- -  sector-count data, which allows remote attackers to cause a denial of
- -service
- -  (application crash) via a crafted CDF file.</p></li>
+  <p>ФÑ?нкÑ?иÑ? cdf_count_chain в cdf.c непÑ?авилÑ?но вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ?
+  даннÑ?Ñ? о Ñ?иÑ?ле Ñ?екÑ?оÑ?ов, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз
+  в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла в Ñ?оÑ?маÑ?е CDF.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3479";>CVE-2014-3479</a>
 
- -  <p>The cdf_check_stream_offset function in cdf.c relies on incorrect
- -  sector-size data, which allows remote attackers to cause a denial of service
- -  (application crash) via a crafted stream offset in a CDF file.</p></li>
+  <p>ФÑ?нкÑ?иÑ? cdf_check_stream_offset в cdf.c иÑ?полÑ?зÑ?еÑ? непÑ?авилÑ?нÑ?е
+  даннÑ?е о Ñ?азмеÑ?е Ñ?екÑ?оÑ?а, Ñ?Ñ?о позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+  (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного оÑ?Ñ?Ñ?Ñ?па поÑ?ока в Ñ?айле CDF.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3478";>CVE-2014-3478</a>
 
- -  <p>Buffer overflow in the mconvert function in softmagic.c allows remote
- -  attackers to cause a denial of service (application crash) via a crafted
- -  Pascal string in a FILE_PSTRING conversion.</p></li>
+  <p>Ð?Ñ?каз в обÑ?лÑ?живании в Ñ?Ñ?нкÑ?ии mconvert в softmagic.c позволÑ?еÑ? Ñ?далÑ?ннÑ?м
+  злоÑ?мÑ?Ñ?ленникам вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка пÑ?иложениÑ?) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но
+  Ñ?Ñ?оÑ?миÑ?ованной Ñ?Ñ?Ñ?оки на Ñ?зÑ?ке Pascal пÑ?и пÑ?еобÑ?азовании FILE_PSTRING.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0238";>CVE-2014-0238</a>
 
- -  <p>The cdf_read_property_info function in cdf.c allows remote attackers to
- -  cause a denial of service (infinite loop or out-of-bounds memory access) via
- -  a vector that (1) has zero length or (2) is too long.</p></li>
+  <p>ФÑ?нкÑ?иÑ? cdf_read_property_info в cdf.c позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+  вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (беÑ?конеÑ?нÑ?й Ñ?икл или доÑ?Ñ?Ñ?п за гÑ?аниÑ?Ñ? вÑ?деленного бÑ?Ñ?еÑ?а памÑ?Ñ?и) Ñ? помоÑ?Ñ?Ñ?
+  векÑ?оÑ?а, коÑ?оÑ?Ñ?й (1) имееÑ? нÑ?левÑ?Ñ? длинÑ?, либо (2) Ñ?лиÑ?ком длиннÑ?й.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0237";>CVE-2014-0237</a>
 
- -  <p>The cdf_unpack_summary_info function in cdf.c allows remote attackers to
- -  cause a denial of service (performance degradation) by triggering many
- -  file_printf calls.</p></li>
+  <p>ФÑ?нкÑ?иÑ? cdf_unpack_summary_info в cdf.c позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+  вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (Ñ?Ñ?Ñ?дÑ?ение пÑ?оизводиÑ?елÑ?ноÑ?Ñ?и) пÑ?Ñ?Ñ?м вÑ?полнениÑ? болÑ?Ñ?ого
+  колиÑ?еÑ?Ñ?ва вÑ?зовов file_printf.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-0207";>CVE-2014-0207</a>
 
- -  <p>The cdf_read_short_sector function in cdf.c allows remote attackers to
- -  cause a denial of service (assertion failure and application exit) via a
- -  crafted CDF file.</p></li>
+  <p>ФÑ?нкÑ?иÑ? cdf_read_short_sector в cdf.c позволÑ?еÑ? Ñ?далÑ?ннÑ?м злоÑ?мÑ?Ñ?ленникам
+  вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании (оÑ?ибка Ñ?Ñ?веÑ?ждениÑ? или завеÑ?Ñ?ение пÑ?иложениÑ?) Ñ? помоÑ?Ñ?Ñ?
+  Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного Ñ?айла в Ñ?оÑ?маÑ?е CDF.</p></li>
 
 </ul>
 
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in file version 5.04-5+squeeze6</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е file веÑ?Ñ?ии 5.04-5+squeeze6</p>
 </define-tag>
 
 # do not modify the following line
- --- english/security/2014/dla-81.wml	2016-04-09 01:32:22.000000000 +0500
+++ russian/security/2014/dla-81.wml	2016-06-28 13:12:51.028987583 +0500
@@ -1,6 +1,7 @@
- -<define-tag description>LTS security update</define-tag>
+#use wml::debian::translation-check translation="1.4" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и LTS</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been found in OpenSSL.</p>
+<p>Ð? OpenSSL бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей.</p>
 
 <ul>
 
@@ -8,43 +9,43 @@
 
 <p>("POODLE")</p>
 
- -    <p>A flaw was found in the way SSL 3.0 handled padding bytes when
- -    decrypting messages encrypted using block ciphers in cipher block
- -    chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)
- -    attacker to decrypt a selected byte of a cipher text in as few as 256
- -    tries if they are able to force a victim application to repeatedly
- -    send the same data over newly created SSL 3.0 connections.</p>
- -
- -    <p>This update adds support for Fallback SCSV to mitigate this issue.
- -    This does not fix the issue.  The proper way to fix this is to
- -    disable SSL 3.0.</p></li>
+    <p>Ð? Ñ?поÑ?обе, иÑ?полÑ?зÑ?емом SSL 3.0 длÑ? обÑ?абоÑ?ки заполнÑ?Ñ?Ñ?иÑ? байÑ?ов, пÑ?и
+    Ñ?аÑ?Ñ?иÑ?Ñ?овке Ñ?ообÑ?ений, заÑ?иÑ?Ñ?ованнÑ?Ñ? Ñ? иÑ?полÑ?зованием блоÑ?нÑ?Ñ? Ñ?иÑ?Ñ?ов в Ñ?ежиме CBC, бÑ?ла
+    обнаÑ?Ñ?жена Ñ?Ñ?звимоÑ?Ñ?Ñ?. ЭÑ?а Ñ?Ñ?звимоÑ?Ñ?Ñ? позволÑ?еÑ? пÑ?Ñ?Ñ?м аÑ?аки по пÑ?инÑ?ипÑ? Ñ?еловек-в-Ñ?еÑ?едине (MITM)
+    Ñ?аÑ?Ñ?иÑ?Ñ?оваÑ?Ñ? избÑ?аннÑ?е байÑ?Ñ? Ñ?иÑ?Ñ?оÑ?екÑ?Ñ?а за 256 попÑ?Ñ?ок в Ñ?ом Ñ?лÑ?Ñ?ае,
+    еÑ?ли злоÑ?мÑ?Ñ?ленник можеÑ? заÑ?Ñ?авиÑ?Ñ? пÑ?иложение жеÑ?Ñ?вÑ? повÑ?оÑ?но
+    оÑ?пÑ?авлÑ?Ñ?Ñ? одни и Ñ?е же даннÑ?е по заново Ñ?оздаваемÑ?м Ñ?оединениÑ?м SSL 3.0.</p>
+
+    <p>Ð?анное обновление добавлÑ?еÑ? поддеÑ?жкÑ? длÑ? Fallback SCSV Ñ? Ñ?ем, Ñ?Ñ?обÑ? Ñ?менÑ?Ñ?иÑ?Ñ? Ñ?иÑ?к данной пÑ?облемÑ?.
+    ЭÑ?о не иÑ?пÑ?авлÑ?еÑ? пÑ?облемÑ?.  Ð?Ñ?пÑ?авиÑ?Ñ? еÑ? можно Ñ?олÑ?ко оÑ?клÑ?Ñ?ив
+    поддеÑ?жкÑ? SSL 3.0.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3567";>CVE-2014-3567</a>
 
- -    <p>A memory leak flaw was found in the way an OpenSSL handled failed
- -    session ticket integrity checks. A remote attacker could exhaust all
- -    available memory of an SSL/TLS or DTLS server by sending a large number
- -    of invalid session tickets to that server.</p></li>
+    <p>Ð?Ñ?ла обнаÑ?Ñ?жена Ñ?Ñ?еÑ?ка памÑ?Ñ?и в Ñ?поÑ?обе, иÑ?полÑ?зÑ?емом OpenSSL длÑ? обÑ?абоÑ?ки
+    неÑ?даÑ?нÑ?Ñ? пÑ?овеÑ?ок Ñ?елоÑ?Ñ?ноÑ?Ñ?и билеÑ?а Ñ?еÑ?Ñ?ии. УдалÑ?ннÑ?й злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?Ñ?еÑ?паÑ?Ñ? вÑ?Ñ?
+    доÑ?Ñ?Ñ?пнÑ?Ñ? памÑ?Ñ?Ñ? SSL/TLS или DTLS Ñ?еÑ?веÑ?а пÑ?Ñ?Ñ?м оÑ?пÑ?авки Ñ?Ñ?омÑ? Ñ?еÑ?веÑ?Ñ?
+    болÑ?Ñ?ого колиÑ?еÑ?Ñ?ва некоÑ?Ñ?екÑ?нÑ?Ñ? Ñ?еÑ?Ñ?ионнÑ?Ñ? билеÑ?ов.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3568";>CVE-2014-3568</a>
 
- -    <p>When OpenSSL is configured with "no-ssl3" as a build option, servers
- -    could accept and complete a SSL 3.0 handshake, and clients could be
- -    configured to send them.</p>
+    <p>Ð?Ñ?ли Ñ?боÑ?ка OpenSSL бÑ?ла пÑ?оизведена Ñ? опÑ?ией "no-ssl3", Ñ?о Ñ?еÑ?веÑ?Ñ?
+    пÑ?инимаÑ?Ñ? и завеÑ?Ñ?аÑ?Ñ? Ñ?Ñ?копожаÑ?ие SSL 3.0, а клиенÑ?Ñ? наÑ?Ñ?Ñ?аиваÑ?Ñ?Ñ?Ñ?
+    на оÑ?пÑ?авкÑ? Ñ?акиÑ? Ñ?Ñ?копожаÑ?ий.</p>
 
- -    <p>Note that the package is Debian is not build with this option.</p></li>
+    <p>Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о пакеÑ? в Debian Ñ?обиÑ?аеÑ?Ñ?Ñ? без Ñ?Ñ?ой опÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3569";>CVE-2014-3569</a>
 
- -    <p>When openssl is build with the no-ssl3 option and a SSL v3 Client
- -    Hello is received the ssl method would be set to NULL which could
- -    later result in a NULL pointer dereference.</p>
+    <p>Ð?Ñ?ли Ñ?боÑ?ка OpenSSL бÑ?ла пÑ?оизведена Ñ? опÑ?ией "no-ssl3", и полÑ?Ñ?ено Ñ?ообÑ?ение SSL v3 Client
+    Hello, Ñ?о меÑ?од ssl Ñ?Ñ?Ñ?анавливаеÑ?Ñ?Ñ? в знаÑ?ение NULL, Ñ?Ñ?о позже можеÑ? пÑ?иводиÑ?Ñ?
+    к Ñ?азÑ?менованиÑ? NULL-Ñ?казаÑ?елÑ?.</p>
 
- -    <p>Note that the package is Debian is not build with this option.</p></li>
+    <p>Ð?амеÑ?Ñ?Ñ?е, Ñ?Ñ?о пакеÑ? в Debian Ñ?обиÑ?аеÑ?Ñ?Ñ? без Ñ?Ñ?ой опÑ?ии.</p></li>
 
 </ul>
 
- -<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in openssl version 0.9.8o-4squeeze18</p>
+<p>Ð? Debian 6 <q>Squeeze</q> Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в пакеÑ?е openssl веÑ?Ñ?ии 0.9.8o-4squeeze18</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXcjP4AAoJEF7nbuICFtKlq+sP/2nGxIu2iWKrwS+vxwJHzLkq
oNkNNKyAq4ls1S8t6iS5HHXxXH7UvzA04wjvyY6q/U2qbigYHKNqvZizKzhqPZlS
TaJK4SrJ08xxnZx8y/jP3ed4EYSiEnn2tnB35F7vhzdnxnEpBerOiICjZaHW68Wg
WoyrqESPCADzi5SIEkRBxu28Fh2c9Kp8/C9BBNy/JeeqnetUPwVsFqXTjmKgXdng
+v1M0kVvNc97LdGXuBx05MIf4mRX9PVxWIhIFhWyWPp44mGYgvuHB2effsmlBTec
5S2rTbwvZmT9uJdQHXVwkfOnna70yGR2Iss+Pe4vQEcD/u3AL/+rE9KkqA+uldv0
XoLEdufz8ya+6y3nbXa9O+LP2QS4mAt1TpOGVgCI2J+4vn/05qjph16hSj5IZA7N
Ig0qryLsDWOHxm+TUsJ5sE22Og7IbovgCP7VnxitiuyXEec7ih8q4SUjn72bH4kx
Ot1qykvl9NAQfw2wWiNYkRA9hcmzV6263VNBsHT9qJMqgXLn17l5DlGcu6LqN5Cg
kYj++CWgaFoXZeu9lz7scN73Hn7Il5RblV82StcTLzDoUSVJRQ4LogYLI8Gc2hnF
peqLmVdln5W/N3j1SZYNE8be/BTQHz0mfS8omzSnfTZnHzcnVDN6hpDWZmU3u0DY
lOizF4NJJ+IfQ/oivswk
=zPWX
-----END PGP SIGNATURE-----
Reply to: