[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DONE] wml://{security/2016/dsa-3607.wml}

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --- english/security/2016/dsa-3607.wml	2016-06-28 15:42:48.000000000 +0500
+++ russian/security/2016/dsa-3607.wml	2016-06-28 16:50:45.321513561 +0500
@@ -1,8 +1,9 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
 <define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам
+инÑ?оÑ?маÑ?ии.</p>
 
 <ul>
 
@@ -16,118 +17,118 @@
     <a href="https://security-tracker.debian.org/tracker/CVE-2016-3138";>CVE-2016-3138</a>,
     <a href="https://security-tracker.debian.org/tracker/CVE-2016-3140";>CVE-2016-3140</a>
 
- -    <p>Ralf Spenneberg of OpenSource Security reported that various USB
- -    drivers do not sufficiently validate USB descriptors.  This
- -    allowed a physically present user with a specially designed USB
- -    device to cause a denial of service (crash).</p></li>
+    <p>РалÑ?Ñ? ШпенненбеÑ?г из OpenSource Security Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?азлиÑ?нÑ?е дÑ?айвеÑ?Ñ? USB
+    вÑ?полнÑ?Ñ?Ñ? недоÑ?Ñ?аÑ?оÑ?нÑ?е пÑ?овеÑ?ки USB-деÑ?кÑ?ипÑ?оÑ?ов.  ЭÑ?о
+    позволÑ?еÑ? полÑ?зоваÑ?елÑ?, имеÑ?Ñ?емÑ? Ñ?изиÑ?еÑ?кий доÑ?Ñ?Ñ?п к Ñ?иÑ?Ñ?еме, вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+    (аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0821";>CVE-2016-0821</a>
 
- -    <p>Solar Designer noted that the list <q>poisoning</q> feature, intended
- -    to mitigate the effects of bugs in list manipulation in the
- -    kernel, used poison values within the range of virtual addresses
- -    that can be allocated by user processes.</p></li>
+    <p>Solar Designer замеÑ?ил, Ñ?Ñ?о возможноÑ?Ñ?Ñ? <q>оÑ?Ñ?авлениÑ?</q> Ñ?пиÑ?ка, пÑ?едназнаÑ?еннаÑ?
+    длÑ? Ñ?менÑ?Ñ?ениÑ? влиÑ?ниÑ? оÑ?ибок пÑ?и Ñ?абоÑ?е Ñ?о Ñ?пиÑ?ками в
+    Ñ?дÑ?е, иÑ?полÑ?зÑ?еÑ? оÑ?Ñ?авленнÑ?е знаÑ?ениÑ? в пÑ?еделаÑ? диапазона виÑ?Ñ?Ñ?алÑ?нÑ?Ñ? адÑ?еÑ?ов,
+    коÑ?оÑ?Ñ?е могÑ?Ñ? бÑ?Ñ?Ñ? вÑ?деленÑ? полÑ?зоваÑ?елÑ?Ñ?ким пÑ?оÑ?еÑ?Ñ?ам.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-1237";>CVE-2016-1237</a>
 
- -    <p>David Sinquin discovered that nfsd does not check permissions when
- -    setting ACLs, allowing users to grant themselves permissions to a
- -    file by setting the ACL.</p></li>
+    <p>Ð?Ñ?вид Синкин обнаÑ?Ñ?жил, Ñ?Ñ?о nfsd не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? пÑ?ав доÑ?Ñ?Ñ?па пÑ?и
+    Ñ?Ñ?Ñ?ановке ACL, Ñ?Ñ?о позволÑ?еÑ? полÑ?зоваÑ?елÑ?м даваÑ?Ñ? Ñ?ебе пÑ?ава доÑ?Ñ?Ñ?па
+    к Ñ?айлÑ? пÑ?Ñ?Ñ?м Ñ?Ñ?Ñ?ановки ACL.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-1583";>CVE-2016-1583</a>
 
- -    <p>Jann Horn of Google Project Zero reported that the eCryptfs
- -    filesystem could be used together with the proc filesystem to
- -    cause a kernel stack overflow.  If the ecryptfs-utils package is
- -    installed, local users could exploit this, via the
- -    mount.ecryptfs_private program, for denial of service (crash) or
- -    possibly for privilege escalation.</p></li>
+    <p>Ян ХоÑ?н из Google Project Zero Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?айловаÑ? Ñ?иÑ?Ñ?еме eCryptfs
+    можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? вмеÑ?Ñ?е Ñ? Ñ?айловой Ñ?иÑ?Ñ?емой proc Ñ? Ñ?елÑ?Ñ?
+    вÑ?зова пеÑ?еполнениÑ? Ñ?Ñ?ека Ñ?дÑ?а.  Ð?Ñ?ли в Ñ?иÑ?Ñ?еме Ñ?Ñ?Ñ?ановлен пакеÑ? ecryptfs-utils,
+    Ñ?о локалÑ?нÑ?е полÑ?зоваÑ?ели могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ?
+    пÑ?огÑ?аммÑ? mount.ecryptfs_private длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или
+    возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2117";>CVE-2016-2117</a>
 
- -    <p>Justin Yackoski of Cryptonite discovered that the Atheros L2
- -    ethernet driver incorrectly enables scatter/gather I/O. A remote
- -    attacker could take advantage of this flaw to obtain potentially
- -    sensitive information from kernel memory.</p></li>
+    <p>Ð?жаÑ?Ñ?ин ЯкоÑ?ки из Cryptonite обнаÑ?Ñ?жил, Ñ?Ñ?о дÑ?айвеÑ? локалÑ?ной Ñ?еÑ?и Atheros L2
+    непÑ?авилÑ?но вклÑ?Ñ?аеÑ? Ñ?азбÑ?оÑ?/Ñ?боÑ? I/O. УдалÑ?ннÑ?й
+    злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? поÑ?енÑ?иалÑ?но
+    Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из памÑ?Ñ?и Ñ?дÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2143";>CVE-2016-2143</a>
 
- -    <p>Marcin Koscielnicki discovered that the fork implementation in the
- -    Linux kernel on s390 platforms mishandles the case of four
- -    page-table levels, which allows local users to cause a denial of
- -    service (system crash).</p></li>
+    <p>Ð?аÑ?Ñ?ин Ð?оÑ?Ñ?елÑ?ниÑ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? fork в
+    Ñ?дÑ?е Linux на плаÑ?Ñ?оÑ?маÑ? Ñ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?ой s390 непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? Ñ?иÑ?Ñ?аÑ?иÑ? Ñ?
+    Ñ?еÑ?Ñ?Ñ?Ñ?мÑ? Ñ?Ñ?овнÑ?ми Ñ?аблиÑ?Ñ? Ñ?Ñ?Ñ?аниÑ?, Ñ?Ñ?о позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ? оÑ?каз
+    в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка Ñ?иÑ?Ñ?емÑ?).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3070";>CVE-2016-3070</a>
 
- -    <p>Jan Stancek of Red Hat discovered a local denial of service
- -    vulnerability in AIO handling.</p></li>
+    <p>Ян СÑ?анÑ?ек из Red Hat обнаÑ?Ñ?жил локалÑ?нÑ?й оÑ?каз в обÑ?лÑ?живании
+    в коде длÑ? обÑ?абоÑ?ки AIO.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3134";>CVE-2016-3134</a>
 
- -    <p>The Google Project Zero team found that the netfilter subsystem does
- -    not sufficiently validate filter table entries. A user with the
- -    CAP_NET_ADMIN capability could use this for denial of service
- -    (crash) or possibly for privilege escalation. Debian disables
- -    unprivileged user namespaces by default, if locally enabled with the
- -    kernel.unprivileged_userns_clone sysctl, this allows privilege
- -    escalation.</p></li>
+    <p>Ð?оманда Google Project Zero обнаÑ?Ñ?жила, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter недоÑ?Ñ?аÑ?оÑ?но
+    пÑ?овеÑ?Ñ?еÑ? запиÑ?и Ñ?аблиÑ?Ñ? Ñ?илÑ?Ñ?Ñ?ов. Ð?олÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий возможноÑ?Ñ?Ñ?
+    CAP_NET_ADMIN, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? пÑ?облемÑ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании
+    (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Debian по Ñ?молÑ?аниÑ?
+    оÑ?клÑ?Ñ?енÑ? непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва имÑ?н. Ð?Ñ?ли же они вклÑ?Ñ?енÑ?
+    локалÑ?но Ñ? помоÑ?Ñ?Ñ? kernel.unprivileged_userns_clone sysctl, Ñ?о Ñ?Ñ?о позволÑ?еÑ?
+    вÑ?полнÑ?Ñ?Ñ? повÑ?Ñ?ение пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3156";>CVE-2016-3156</a>
 
- -    <p>Solar Designer discovered that the IPv4 implementation in the Linux
- -    kernel did not perform the destruction of inet device objects
- -    properly. An attacker in a guest OS could use this to cause a denial
- -    of service (networking outage) in the host OS.</p></li>
+    <p>Solar Designer обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? IPv4 в Ñ?дÑ?е Linux
+    не вÑ?полнÑ?еÑ? коÑ?Ñ?екÑ?ного Ñ?ниÑ?Ñ?ожениÑ? обÑ?екÑ?ов
+    inet-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в. Ð?лоÑ?мÑ?Ñ?ленник, Ñ?абоÑ?аÑ?Ñ?ий в гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?о
+    длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (оÑ?клÑ?Ñ?ение Ñ?еÑ?и) в оÑ?новной Ñ?иÑ?Ñ?еме.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3157";>CVE-2016-3157</a> /
     XSA-171
 
- -    <p>Andy Lutomirski discovered that the x86_64 (amd64) task switching
- -    implementation did not correctly update the I/O permission level
- -    when running as a Xen paravirtual (PV) guest.  In some
- -    configurations this would allow local users to cause a denial of
- -    service (crash) or to escalate their privileges within the guest.</p></li>
+    <p>Энди Ð?Ñ?Ñ?омиÑ?Ñ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? пеÑ?еклÑ?Ñ?ениÑ? задаÑ? в аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?е
+    x86_64 (amd64) непÑ?авилÑ?но обновлÑ?еÑ? Ñ?Ñ?овенÑ? пÑ?ав доÑ?Ñ?Ñ?па I/O в Ñ?ом Ñ?лÑ?Ñ?ае,
+    еÑ?ли Ñ?иÑ?Ñ?ема Ñ?абоÑ?аеÑ? в каÑ?еÑ?Ñ?ве гоÑ?Ñ?евой Ñ?иÑ?Ñ?емÑ? Xen (PV).  Ð?Ñ?и некоÑ?оÑ?Ñ?Ñ?
+    наÑ?Ñ?Ñ?ойкаÑ? Ñ?Ñ?о позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+    обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или повÑ?Ñ?аÑ?Ñ? Ñ?вои пÑ?ивилегии в гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3672";>CVE-2016-3672</a>
 
- -    <p>Hector Marco and Ismael Ripoll noted that it was possible to disable
- -    Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs
- -    by removing the stack resource limit. This made it easier for local
- -    users to exploit security flaws in programs that have the setuid or
- -    setgid flag set.</p></li>
+    <p>Ð?екÑ?оÑ? Ð?аÑ?Ñ?о и Ð?Ñ?маÑ?лÑ? Рипол замеÑ?или, Ñ?Ñ?о можно оÑ?клÑ?Ñ?иÑ?Ñ?
+    ASLR длÑ? пÑ?огÑ?амм под аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86_32 (i386) пÑ?Ñ?Ñ?м
+    Ñ?далениÑ? огÑ?аниÑ?ениÑ? Ñ?еÑ?Ñ?Ñ?Ñ?ов Ñ?Ñ?ека. ЭÑ?о облегÑ?аеÑ? локалÑ?нÑ?м
+    полÑ?зоваÑ?елÑ?м иÑ?полÑ?зование Ñ?Ñ?звимоÑ?Ñ?ей в пÑ?огÑ?аммаÑ?, имеÑ?Ñ?иÑ? Ñ?лаг пÑ?ав доÑ?Ñ?Ñ?па, позволÑ?Ñ?Ñ?ий
+    запÑ?Ñ?каÑ?Ñ? иÑ? оÑ? лиÑ?а владелÑ?Ñ?а или гÑ?Ñ?ппÑ? владелÑ?Ñ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3951";>CVE-2016-3951</a>
 
- -    <p>It was discovered that the cdc_ncm driver would free memory
- -    prematurely if certain errors occurred during its initialisation.
- -    This allowed a physically present user with a specially designed
- -    USB device to cause a denial of service (crash) or possibly to
- -    escalate their privileges.</p></li>
+    <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о дÑ?айвеÑ? cdc_ncm пÑ?еждевÑ?еменно
+    оÑ?вобождаеÑ? памÑ?Ñ?Ñ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли возникаÑ?Ñ? оÑ?ибки пÑ?и иниÑ?иализаÑ?ии.
+    ЭÑ?о позволÑ?еÑ? полÑ?зоваÑ?елÑ?, имеÑ?Ñ?емÑ? Ñ?изиÑ?еÑ?кий доÑ?Ñ?Ñ?п к Ñ?иÑ?Ñ?еме, вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+    обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но повÑ?Ñ?аÑ?Ñ? Ñ?вои пÑ?ивилегии Ñ?
+    помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3955";>CVE-2016-3955</a>
 
- -    <p>Ignat Korchagin reported that the usbip subsystem did not check
- -    the length of data received for a USB buffer.  This allowed denial
- -    of service (crash) or privilege escalation on a system configured
- -    as a usbip client, by the usbip server or by an attacker able to
- -    impersonate it over the network.  A system configured as a usbip
- -    server might be similarly vulnerable to physically present users.</p></li>
+    <p>Ð?гнаÑ? Ð?оÑ?Ñ?агин Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема usbip не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? длинÑ?
+    полÑ?Ñ?аемÑ?Ñ? длÑ? бÑ?Ñ?еÑ?а USB даннÑ?Ñ?.  ЭÑ?о позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+    обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или повÑ?Ñ?аÑ?Ñ? пÑ?ивилегии в Ñ?иÑ?Ñ?еме, вÑ?полнÑ?Ñ?Ñ?ей
+    Ñ?олÑ? клиенÑ?а usbip, Ñ?о Ñ?Ñ?оÑ?онÑ? Ñ?еÑ?веÑ?а usbip или злоÑ?мÑ?Ñ?ленника, Ñ?поÑ?обного
+    подделаÑ?Ñ? Ñ?акой Ñ?еÑ?веÑ? в Ñ?еÑ?и.  СиÑ?Ñ?ема, вÑ?полнÑ?Ñ?Ñ?аÑ? Ñ?олÑ? Ñ?еÑ?веÑ?а usbip,
+    можеÑ? Ñ?Ñ?однÑ?м обÑ?азом бÑ?Ñ?Ñ? Ñ?Ñ?звима пÑ?и Ñ?Ñ?ловии, Ñ?Ñ?о полÑ?зоваÑ?елÑ? имееÑ? к ней Ñ?изиÑ?еÑ?кий доÑ?Ñ?Ñ?п.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3961";>CVE-2016-3961</a> /
     XSA-174
 
- -    <p>Vitaly Kuznetsov of Red Hat discovered that Linux allowed the use of
- -    hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen
- -    paravirtualised (PV) guest, although Xen does not support huge
- -    pages. This allowed users with access to /dev/hugepages to cause a
- -    denial of service (crash) in the guest.</p></li>
+    <p>Ð?иÑ?алий Ð?Ñ?знеÑ?ов из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о Linux позволÑ?еÑ? иÑ?полÑ?зоваÑ?Ñ?
+    hugetlbfs на Ñ?иÑ?Ñ?емаÑ? Ñ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?ой x86 (i386 и amd64) даже в Ñ?ом Ñ?лÑ?Ñ?ае, когда
+    иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? в каÑ?еÑ?Ñ?ве гоÑ?Ñ?евой Ñ?иÑ?Ñ?емÑ? Xen (PV), Ñ?оÑ?Ñ? Xen не поддеÑ?живаеÑ? болÑ?Ñ?ие
+    Ñ?Ñ?Ñ?аниÑ?Ñ?. ЭÑ?о позволÑ?еÑ? полÑ?зоваÑ?елÑ?м, имеÑ?Ñ?им доÑ?Ñ?Ñ?п к /dev/hugepages, вÑ?зÑ?ваÑ?Ñ?
+    оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) на гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4470";>CVE-2016-4470</a>
 
- -    <p>David Howells of Red Hat discovered that a local user can trigger a
- -    flaw in the Linux kernel's handling of key lookups in the keychain
- -    subsystem, leading to a denial of service (crash) or possibly to
- -    privilege escalation.</p></li>
+    <p>Ð?Ñ?вид ХоÑ?еллÑ? из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о локалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? вÑ?зваÑ?Ñ?
+    оÑ?ибкÑ? в коде Ñ?дÑ?а Linux длÑ? обÑ?абоÑ?ки поиÑ?ка клÑ?Ñ?ей в подÑ?иÑ?Ñ?еме keychain,
+    Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или возможномÑ?
+    повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4482";>CVE-2016-4482</a>,
     <a href="https://security-tracker.debian.org/tracker/CVE-2016-4485";>CVE-2016-4485</a>,
@@ -138,54 +139,54 @@
     <a href="https://security-tracker.debian.org/tracker/CVE-2016-5243";>CVE-2016-5243</a>,
     <a href="https://security-tracker.debian.org/tracker/CVE-2016-5244";>CVE-2016-5244</a>
 
- -    <p>Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA
- -    timer, x25, tipc, and rds facilities leaked information from the
- -    kernel stack.</p></li>
+    <p>Ð?Ñ?нджи Ð?Ñ? Ñ?ообÑ?ил, Ñ?Ñ?о в USB devio, llc, rtnetlink, ALSA
+    timer, x25, tipc и rds могÑ?Ñ? пÑ?оиÑ?Ñ?одиÑ?Ñ? Ñ?Ñ?еÑ?ки инÑ?оÑ?маÑ?ии из
+    Ñ?Ñ?ека Ñ?дÑ?а.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4565";>CVE-2016-4565</a>
 
- -    <p>Jann Horn of Google Project Zero reported that various components
- -    in the InfiniBand stack implemented unusual semantics for the
- -    write() operation.  On a system with InfiniBand drivers loaded,
- -    local users could use this for denial of service or privilege
- -    escalation.</p></li>
+    <p>Ян ХоÑ?н из Google Project Zero Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?азлиÑ?нÑ?е компоненÑ?Ñ?
+    в Ñ?Ñ?еке InfiniBand Ñ?еализÑ?Ñ?Ñ? необÑ?Ñ?нÑ?Ñ? Ñ?еманÑ?икÑ? длÑ? опеÑ?аÑ?ии
+    write().  Ð? Ñ?иÑ?Ñ?еме Ñ? загÑ?Ñ?женнÑ?ми дÑ?айвеÑ?ами InfiniBand
+    локалÑ?нÑ?е полÑ?зоваÑ?ели могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?казаннÑ?Ñ? пÑ?облемÑ? длÑ? вÑ?зова оÑ?каза
+    в обÑ?лÑ?живании или повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4581";>CVE-2016-4581</a>
 
- -    <p>Tycho Andersen discovered that in some situations the Linux kernel
- -    did not handle propagated mounts correctly. A local user can take
- -    advantage of this flaw to cause a denial of service (system crash).</p></li>
+    <p>ТиÑ?о Ð?ндеÑ?Ñ?ен обнаÑ?Ñ?жил, Ñ?Ñ?о в некоÑ?оÑ?Ñ?Ñ? Ñ?иÑ?Ñ?аÑ?иÑ?Ñ? Ñ?дÑ?о Linux непÑ?авилÑ?но
+    обÑ?абаÑ?Ñ?ваеÑ? пеÑ?еданнÑ?е монÑ?иÑ?ованиÑ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ?
+    иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка Ñ?иÑ?Ñ?емÑ?).</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4805";>CVE-2016-4805</a>
 
- -    <p>Baozeng Ding discovered a use-after-free in the generic PPP layer in
- -    the Linux kernel. A local user can take advantage of this flaw to
- -    cause a denial of service (system crash), or potentially escalate
- -    their privileges.</p></li>
+    <p>Ð?аоÑ?зÑ?н Ð?ин обнаÑ?Ñ?жил иÑ?полÑ?зование Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и в обÑ?ем
+    Ñ?лое PPP в Ñ?дÑ?е Linux. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+    длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка Ñ?иÑ?Ñ?емÑ?) или поÑ?енÑ?иалÑ?ного
+    повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4913";>CVE-2016-4913</a>
 
- -    <p>Al Viro found that the ISO9660 filesystem implementation did not
- -    correctly count the length of certain invalid name entries.
- -    Reading a directory containing such name entries would leak
- -    information from kernel memory.  Users permitted to mount disks or
- -    disk images could use this to obtain sensitive information.</p></li>
+    <p>Ð?л Ð?иÑ?о обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? Ñ?айловой Ñ?иÑ?Ñ?емÑ? ISO9660 непÑ?авилÑ?но вÑ?полнÑ?еÑ?
+    подÑ?Ñ?Ñ?Ñ? длинÑ? опÑ?еделÑ?ннÑ?Ñ? некоÑ?Ñ?екÑ?нÑ?Ñ? запиÑ?ей имÑ?н.
+    ЧÑ?ение каÑ?алога, Ñ?одеÑ?жаÑ?его Ñ?акие запиÑ?и имÑ?н, пÑ?иводиÑ? к Ñ?Ñ?еÑ?ке
+    инÑ?оÑ?маÑ?ии из памÑ?Ñ?и Ñ?дÑ?а.  Ð?олÑ?зоваÑ?ели, коÑ?оÑ?Ñ?е могÑ?Ñ? монÑ?иÑ?оваÑ?Ñ? диÑ?ки или
+    обÑ?азÑ? диÑ?ков, могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4997";>CVE-2016-4997</a> /
     <a href="https://security-tracker.debian.org/tracker/CVE-2016-4998";>CVE-2016-4998</a>
 
- -    <p>Jesse Hertz and Tim Newsham discovered that missing input sanitising
- -    in Netfilter socket handling may result in denial of service. Debian
- -    disables unprivileged user namespaces by default, if locally enabled
- -    with the kernel.unprivileged_userns_clone sysctl, this also allows
- -    privilege escalation.</p></li>
+    <p>Ð?жеÑ?Ñ? Ð?еÑ?Ñ? и Тим Ð?Ñ?Ñ?Ñ?Ñ?м обнаÑ?Ñ?жили, Ñ?Ñ?о оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие оÑ?иÑ?Ñ?ки вÑ?однÑ?Ñ? даннÑ?Ñ?
+    в коде обÑ?абоÑ?ки Ñ?океÑ?а Netfilter можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании. Ð?о Ñ?молÑ?аниÑ? в
+    Debian оÑ?клÑ?Ñ?енÑ? непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва имÑ?н. Ð?Ñ?ли они
+    вклÑ?Ñ?енÑ? локалÑ?но Ñ? помоÑ?Ñ?Ñ? sysctl kernel.unprivileged_userns_clone, Ñ?о Ñ?Ñ?о позволÑ?еÑ?
+    вÑ?полнÑ?Ñ?Ñ? повÑ?Ñ?ение пÑ?ивилегий.</p></li>
 
 </ul>
 
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 3.16.7-ckt25-2+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.16.7-ckt25-2+deb8u2.</p>
 
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
 </define-tag>
 
 # do not modify the following line
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXcmSYAAoJEF7nbuICFtKlF94P/2hgWcYe6HOtDzPaItRT85cX
trakRjo4DgVro7n+08V0rIXB3F/hPwTOfJ2+5MqpKpP8oFBdHDn/05t4aY05sNXD
g1nAVqV8SjdcDXX9PtbJ5AfLHwt2AqyQb/SMmEEXqD6adF90liWEgBh3hgCChheV
vg+o/yEAygBVTxk9mkrtIREZgina+yUlLMdpit5dapY4xSoXV9PAPzV5qGJU9+tt
Jv0HVZCQ3TO9gVwbkBeA9hQKCMt5eI4aHJHTVm8h2qRrP2fNYcgtgM54ouW3+a3B
Hj8LsO7EBFwdSADM93r2mT7fZAj47EacKKqUazTtEGsOUWihkHfrTwAba1A1MJJj
egchjY4X0qoxaf3FqgyjgsvEu1MKs4JoI3plXe1e8Koz/m3QumP6NvvHfQHo3197
S6MM6SQsZrfXmvR+q5p+XUa1ufxnvVEFYhXbEfVw/+MWMT13rRz1x4yCAMhs0BOh
e5t7Z6OWOdl1ERFPj5GAz7n4AerfUHfHhsf00eTGhBwF4cNocK7YapWqR1KOMK6a
TbHRWP8rAztwOjbbpdvG8rN+ey8xklPcXxoJq/zBrONC9UqG2Upz8JiCBHk5xNpq
+HWgZi79e5agv0hiq9B447EKBDlzXWAV539K9bnEzJDxTEHcdGGvi4CDQ2/LISxp
lBDyn/VLaJWsWgoT5iku
=4xBw
-----END PGP SIGNATURE-----
Reply to: