[DONE] wml://{security/2016/dsa-3607.wml}
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- --- english/security/2016/dsa-3607.wml 2016-06-28 15:42:48.000000000 +0500
+++ russian/security/2016/dsa-3607.wml 2016-06-28 16:50:45.321513561 +0500
@@ -1,8 +1,9 @@
- -<define-tag description>security update</define-tag>
+#use wml::debian::translation-check translation="1.1" maintainer="Lev Lamberov"
+<define-tag description>обновление безопаÑ?ноÑ?Ñ?и</define-tag>
<define-tag moreinfo>
- -<p>Several vulnerabilities have been discovered in the Linux kernel that
- -may lead to a privilege escalation, denial of service or information
- -leaks.</p>
+<p>Ð? Ñ?дÑ?е Linux бÑ?ло обнаÑ?Ñ?жено неÑ?колÑ?ко Ñ?Ñ?звимоÑ?Ñ?ей, коÑ?оÑ?Ñ?е
+могÑ?Ñ? пÑ?иводиÑ?Ñ? к повÑ?Ñ?ениÑ? пÑ?ивилегий, оÑ?казÑ? в обÑ?лÑ?живании или Ñ?Ñ?еÑ?кам
+инÑ?оÑ?маÑ?ии.</p>
<ul>
@@ -16,118 +17,118 @@
<a href="https://security-tracker.debian.org/tracker/CVE-2016-3138">CVE-2016-3138</a>,
<a href="https://security-tracker.debian.org/tracker/CVE-2016-3140">CVE-2016-3140</a>
- - <p>Ralf Spenneberg of OpenSource Security reported that various USB
- - drivers do not sufficiently validate USB descriptors. This
- - allowed a physically present user with a specially designed USB
- - device to cause a denial of service (crash).</p></li>
+ <p>РалÑ?Ñ? ШпенненбеÑ?г из OpenSource Security Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?азлиÑ?нÑ?е дÑ?айвеÑ?Ñ? USB
+ вÑ?полнÑ?Ñ?Ñ? недоÑ?Ñ?аÑ?оÑ?нÑ?е пÑ?овеÑ?ки USB-деÑ?кÑ?ипÑ?оÑ?ов. ÐÑ?о
+ позволÑ?еÑ? полÑ?зоваÑ?елÑ?, имеÑ?Ñ?емÑ? Ñ?изиÑ?еÑ?кий доÑ?Ñ?Ñ?п к Ñ?иÑ?Ñ?еме, вÑ?зÑ?ваÑ?Ñ? оÑ?каз в обÑ?лÑ?живании
+ (аваÑ?ийнаÑ? оÑ?Ñ?ановка) Ñ? помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-0821">CVE-2016-0821</a>
- - <p>Solar Designer noted that the list <q>poisoning</q> feature, intended
- - to mitigate the effects of bugs in list manipulation in the
- - kernel, used poison values within the range of virtual addresses
- - that can be allocated by user processes.</p></li>
+ <p>Solar Designer замеÑ?ил, Ñ?Ñ?о возможноÑ?Ñ?Ñ? <q>оÑ?Ñ?авлениÑ?</q> Ñ?пиÑ?ка, пÑ?едназнаÑ?еннаÑ?
+ длÑ? Ñ?менÑ?Ñ?ениÑ? влиÑ?ниÑ? оÑ?ибок пÑ?и Ñ?абоÑ?е Ñ?о Ñ?пиÑ?ками в
+ Ñ?дÑ?е, иÑ?полÑ?зÑ?еÑ? оÑ?Ñ?авленнÑ?е знаÑ?ениÑ? в пÑ?еделаÑ? диапазона виÑ?Ñ?Ñ?алÑ?нÑ?Ñ? адÑ?еÑ?ов,
+ коÑ?оÑ?Ñ?е могÑ?Ñ? бÑ?Ñ?Ñ? вÑ?деленÑ? полÑ?зоваÑ?елÑ?Ñ?ким пÑ?оÑ?еÑ?Ñ?ам.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-1237">CVE-2016-1237</a>
- - <p>David Sinquin discovered that nfsd does not check permissions when
- - setting ACLs, allowing users to grant themselves permissions to a
- - file by setting the ACL.</p></li>
+ <p>Ð?Ñ?вид Синкин обнаÑ?Ñ?жил, Ñ?Ñ?о nfsd не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? пÑ?ав доÑ?Ñ?Ñ?па пÑ?и
+ Ñ?Ñ?Ñ?ановке ACL, Ñ?Ñ?о позволÑ?еÑ? полÑ?зоваÑ?елÑ?м даваÑ?Ñ? Ñ?ебе пÑ?ава доÑ?Ñ?Ñ?па
+ к Ñ?айлÑ? пÑ?Ñ?Ñ?м Ñ?Ñ?Ñ?ановки ACL.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-1583">CVE-2016-1583</a>
- - <p>Jann Horn of Google Project Zero reported that the eCryptfs
- - filesystem could be used together with the proc filesystem to
- - cause a kernel stack overflow. If the ecryptfs-utils package is
- - installed, local users could exploit this, via the
- - mount.ecryptfs_private program, for denial of service (crash) or
- - possibly for privilege escalation.</p></li>
+ <p>Ян ХоÑ?н из Google Project Zero Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?айловаÑ? Ñ?иÑ?Ñ?еме eCryptfs
+ можеÑ? иÑ?полÑ?зоваÑ?Ñ?Ñ?Ñ? вмеÑ?Ñ?е Ñ? Ñ?айловой Ñ?иÑ?Ñ?емой proc Ñ? Ñ?елÑ?Ñ?
+ вÑ?зова пеÑ?еполнениÑ? Ñ?Ñ?ека Ñ?дÑ?а. Ð?Ñ?ли в Ñ?иÑ?Ñ?еме Ñ?Ñ?Ñ?ановлен пакеÑ? ecryptfs-utils,
+ Ñ?о локалÑ?нÑ?е полÑ?зоваÑ?ели могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? Ñ? помоÑ?Ñ?Ñ?
+ пÑ?огÑ?аммÑ? mount.ecryptfs_private длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или
+ возможного повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2117">CVE-2016-2117</a>
- - <p>Justin Yackoski of Cryptonite discovered that the Atheros L2
- - ethernet driver incorrectly enables scatter/gather I/O. A remote
- - attacker could take advantage of this flaw to obtain potentially
- - sensitive information from kernel memory.</p></li>
+ <p>Ð?жаÑ?Ñ?ин ЯкоÑ?ки из Cryptonite обнаÑ?Ñ?жил, Ñ?Ñ?о дÑ?айвеÑ? локалÑ?ной Ñ?еÑ?и Atheros L2
+ непÑ?авилÑ?но вклÑ?Ñ?аеÑ? Ñ?азбÑ?оÑ?/Ñ?боÑ? I/O. УдалÑ?ннÑ?й
+ злоÑ?мÑ?Ñ?ленник можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? поÑ?енÑ?иалÑ?но
+ Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии из памÑ?Ñ?и Ñ?дÑ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2143">CVE-2016-2143</a>
- - <p>Marcin Koscielnicki discovered that the fork implementation in the
- - Linux kernel on s390 platforms mishandles the case of four
- - page-table levels, which allows local users to cause a denial of
- - service (system crash).</p></li>
+ <p>Ð?аÑ?Ñ?ин Ð?оÑ?Ñ?елÑ?ниÑ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? fork в
+ Ñ?дÑ?е Linux на плаÑ?Ñ?оÑ?маÑ? Ñ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?ой s390 непÑ?авилÑ?но обÑ?абаÑ?Ñ?ваеÑ? Ñ?иÑ?Ñ?аÑ?иÑ? Ñ?
+ Ñ?еÑ?Ñ?Ñ?Ñ?мÑ? Ñ?Ñ?овнÑ?ми Ñ?аблиÑ?Ñ? Ñ?Ñ?Ñ?аниÑ?, Ñ?Ñ?о позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ? оÑ?каз
+ в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка Ñ?иÑ?Ñ?емÑ?).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3070">CVE-2016-3070</a>
- - <p>Jan Stancek of Red Hat discovered a local denial of service
- - vulnerability in AIO handling.</p></li>
+ <p>Ян СÑ?анÑ?ек из Red Hat обнаÑ?Ñ?жил локалÑ?нÑ?й оÑ?каз в обÑ?лÑ?живании
+ в коде длÑ? обÑ?абоÑ?ки AIO.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3134">CVE-2016-3134</a>
- - <p>The Google Project Zero team found that the netfilter subsystem does
- - not sufficiently validate filter table entries. A user with the
- - CAP_NET_ADMIN capability could use this for denial of service
- - (crash) or possibly for privilege escalation. Debian disables
- - unprivileged user namespaces by default, if locally enabled with the
- - kernel.unprivileged_userns_clone sysctl, this allows privilege
- - escalation.</p></li>
+ <p>Ð?оманда Google Project Zero обнаÑ?Ñ?жила, Ñ?Ñ?о подÑ?иÑ?Ñ?ема netfilter недоÑ?Ñ?аÑ?оÑ?но
+ пÑ?овеÑ?Ñ?еÑ? запиÑ?и Ñ?аблиÑ?Ñ? Ñ?илÑ?Ñ?Ñ?ов. Ð?олÑ?зоваÑ?елÑ?, имеÑ?Ñ?ий возможноÑ?Ñ?Ñ?
+ CAP_NET_ADMIN, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? пÑ?облемÑ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании
+ (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или возможного повÑ?Ñ?ениÑ? пÑ?ивилегий. Ð? Debian по Ñ?молÑ?аниÑ?
+ оÑ?клÑ?Ñ?енÑ? непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва имÑ?н. Ð?Ñ?ли же они вклÑ?Ñ?енÑ?
+ локалÑ?но Ñ? помоÑ?Ñ?Ñ? kernel.unprivileged_userns_clone sysctl, Ñ?о Ñ?Ñ?о позволÑ?еÑ?
+ вÑ?полнÑ?Ñ?Ñ? повÑ?Ñ?ение пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3156">CVE-2016-3156</a>
- - <p>Solar Designer discovered that the IPv4 implementation in the Linux
- - kernel did not perform the destruction of inet device objects
- - properly. An attacker in a guest OS could use this to cause a denial
- - of service (networking outage) in the host OS.</p></li>
+ <p>Solar Designer обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? IPv4 в Ñ?дÑ?е Linux
+ не вÑ?полнÑ?еÑ? коÑ?Ñ?екÑ?ного Ñ?ниÑ?Ñ?ожениÑ? обÑ?екÑ?ов
+ inet-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?в. Ð?лоÑ?мÑ?Ñ?ленник, Ñ?абоÑ?аÑ?Ñ?ий в гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме, можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?о
+ длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (оÑ?клÑ?Ñ?ение Ñ?еÑ?и) в оÑ?новной Ñ?иÑ?Ñ?еме.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3157">CVE-2016-3157</a> /
XSA-171
- - <p>Andy Lutomirski discovered that the x86_64 (amd64) task switching
- - implementation did not correctly update the I/O permission level
- - when running as a Xen paravirtual (PV) guest. In some
- - configurations this would allow local users to cause a denial of
- - service (crash) or to escalate their privileges within the guest.</p></li>
+ <p>Ðнди Ð?Ñ?Ñ?омиÑ?Ñ?ки обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? пеÑ?еклÑ?Ñ?ениÑ? задаÑ? в аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?е
+ x86_64 (amd64) непÑ?авилÑ?но обновлÑ?еÑ? Ñ?Ñ?овенÑ? пÑ?ав доÑ?Ñ?Ñ?па I/O в Ñ?ом Ñ?лÑ?Ñ?ае,
+ еÑ?ли Ñ?иÑ?Ñ?ема Ñ?абоÑ?аеÑ? в каÑ?еÑ?Ñ?ве гоÑ?Ñ?евой Ñ?иÑ?Ñ?емÑ? Xen (PV). Ð?Ñ?и некоÑ?оÑ?Ñ?Ñ?
+ наÑ?Ñ?Ñ?ойкаÑ? Ñ?Ñ?о позволÑ?еÑ? локалÑ?нÑ?м полÑ?зоваÑ?елÑ?м вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+ обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или повÑ?Ñ?аÑ?Ñ? Ñ?вои пÑ?ивилегии в гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3672">CVE-2016-3672</a>
- - <p>Hector Marco and Ismael Ripoll noted that it was possible to disable
- - Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs
- - by removing the stack resource limit. This made it easier for local
- - users to exploit security flaws in programs that have the setuid or
- - setgid flag set.</p></li>
+ <p>Ð?екÑ?оÑ? Ð?аÑ?Ñ?о и Ð?Ñ?маÑ?лÑ? Рипол замеÑ?или, Ñ?Ñ?о можно оÑ?клÑ?Ñ?иÑ?Ñ?
+ ASLR длÑ? пÑ?огÑ?амм под аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?Ñ? x86_32 (i386) пÑ?Ñ?Ñ?м
+ Ñ?далениÑ? огÑ?аниÑ?ениÑ? Ñ?еÑ?Ñ?Ñ?Ñ?ов Ñ?Ñ?ека. ÐÑ?о облегÑ?аеÑ? локалÑ?нÑ?м
+ полÑ?зоваÑ?елÑ?м иÑ?полÑ?зование Ñ?Ñ?звимоÑ?Ñ?ей в пÑ?огÑ?аммаÑ?, имеÑ?Ñ?иÑ? Ñ?лаг пÑ?ав доÑ?Ñ?Ñ?па, позволÑ?Ñ?Ñ?ий
+ запÑ?Ñ?каÑ?Ñ? иÑ? оÑ? лиÑ?а владелÑ?Ñ?а или гÑ?Ñ?ппÑ? владелÑ?Ñ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3951">CVE-2016-3951</a>
- - <p>It was discovered that the cdc_ncm driver would free memory
- - prematurely if certain errors occurred during its initialisation.
- - This allowed a physically present user with a specially designed
- - USB device to cause a denial of service (crash) or possibly to
- - escalate their privileges.</p></li>
+ <p>Ð?Ñ?ло обнаÑ?Ñ?жено, Ñ?Ñ?о дÑ?айвеÑ? cdc_ncm пÑ?еждевÑ?еменно
+ оÑ?вобождаеÑ? памÑ?Ñ?Ñ? в Ñ?ом Ñ?лÑ?Ñ?ае, еÑ?ли возникаÑ?Ñ? оÑ?ибки пÑ?и иниÑ?иализаÑ?ии.
+ ÐÑ?о позволÑ?еÑ? полÑ?зоваÑ?елÑ?, имеÑ?Ñ?емÑ? Ñ?изиÑ?еÑ?кий доÑ?Ñ?Ñ?п к Ñ?иÑ?Ñ?еме, вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+ обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или поÑ?енÑ?иалÑ?но повÑ?Ñ?аÑ?Ñ? Ñ?вои пÑ?ивилегии Ñ?
+ помоÑ?Ñ?Ñ? Ñ?пеÑ?иалÑ?но Ñ?Ñ?оÑ?миÑ?ованного USB-Ñ?Ñ?Ñ?Ñ?ойÑ?Ñ?ва.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3955">CVE-2016-3955</a>
- - <p>Ignat Korchagin reported that the usbip subsystem did not check
- - the length of data received for a USB buffer. This allowed denial
- - of service (crash) or privilege escalation on a system configured
- - as a usbip client, by the usbip server or by an attacker able to
- - impersonate it over the network. A system configured as a usbip
- - server might be similarly vulnerable to physically present users.</p></li>
+ <p>Ð?гнаÑ? Ð?оÑ?Ñ?агин Ñ?ообÑ?ил, Ñ?Ñ?о подÑ?иÑ?Ñ?ема usbip не вÑ?полнÑ?еÑ? пÑ?овеÑ?кÑ? длинÑ?
+ полÑ?Ñ?аемÑ?Ñ? длÑ? бÑ?Ñ?еÑ?а USB даннÑ?Ñ?. ÐÑ?о позволÑ?еÑ? вÑ?зÑ?ваÑ?Ñ? оÑ?каз в
+ обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или повÑ?Ñ?аÑ?Ñ? пÑ?ивилегии в Ñ?иÑ?Ñ?еме, вÑ?полнÑ?Ñ?Ñ?ей
+ Ñ?олÑ? клиенÑ?а usbip, Ñ?о Ñ?Ñ?оÑ?онÑ? Ñ?еÑ?веÑ?а usbip или злоÑ?мÑ?Ñ?ленника, Ñ?поÑ?обного
+ подделаÑ?Ñ? Ñ?акой Ñ?еÑ?веÑ? в Ñ?еÑ?и. СиÑ?Ñ?ема, вÑ?полнÑ?Ñ?Ñ?аÑ? Ñ?олÑ? Ñ?еÑ?веÑ?а usbip,
+ можеÑ? Ñ?Ñ?однÑ?м обÑ?азом бÑ?Ñ?Ñ? Ñ?Ñ?звима пÑ?и Ñ?Ñ?ловии, Ñ?Ñ?о полÑ?зоваÑ?елÑ? имееÑ? к ней Ñ?изиÑ?еÑ?кий доÑ?Ñ?Ñ?п.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-3961">CVE-2016-3961</a> /
XSA-174
- - <p>Vitaly Kuznetsov of Red Hat discovered that Linux allowed the use of
- - hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen
- - paravirtualised (PV) guest, although Xen does not support huge
- - pages. This allowed users with access to /dev/hugepages to cause a
- - denial of service (crash) in the guest.</p></li>
+ <p>Ð?иÑ?алий Ð?Ñ?знеÑ?ов из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о Linux позволÑ?еÑ? иÑ?полÑ?зоваÑ?Ñ?
+ hugetlbfs на Ñ?иÑ?Ñ?емаÑ? Ñ? аÑ?Ñ?иÑ?екÑ?Ñ?Ñ?ой x86 (i386 и amd64) даже в Ñ?ом Ñ?лÑ?Ñ?ае, когда
+ иÑ?полÑ?зÑ?еÑ?Ñ?Ñ? в каÑ?еÑ?Ñ?ве гоÑ?Ñ?евой Ñ?иÑ?Ñ?емÑ? Xen (PV), Ñ?оÑ?Ñ? Xen не поддеÑ?живаеÑ? болÑ?Ñ?ие
+ Ñ?Ñ?Ñ?аниÑ?Ñ?. ÐÑ?о позволÑ?еÑ? полÑ?зоваÑ?елÑ?м, имеÑ?Ñ?им доÑ?Ñ?Ñ?п к /dev/hugepages, вÑ?зÑ?ваÑ?Ñ?
+ оÑ?каз в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) на гоÑ?Ñ?евой Ñ?иÑ?Ñ?еме.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4470">CVE-2016-4470</a>
- - <p>David Howells of Red Hat discovered that a local user can trigger a
- - flaw in the Linux kernel's handling of key lookups in the keychain
- - subsystem, leading to a denial of service (crash) or possibly to
- - privilege escalation.</p></li>
+ <p>Ð?Ñ?вид ХоÑ?еллÑ? из Red Hat обнаÑ?Ñ?жил, Ñ?Ñ?о локалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? вÑ?зваÑ?Ñ?
+ оÑ?ибкÑ? в коде Ñ?дÑ?а Linux длÑ? обÑ?абоÑ?ки поиÑ?ка клÑ?Ñ?ей в подÑ?иÑ?Ñ?еме keychain,
+ Ñ?Ñ?о пÑ?иводиÑ? к оÑ?казÑ? в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка) или возможномÑ?
+ повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4482">CVE-2016-4482</a>,
<a href="https://security-tracker.debian.org/tracker/CVE-2016-4485">CVE-2016-4485</a>,
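Review bot: the CVE-2016-3672 entry loses two terms a reader would search for. The English expands "Address Space Layout Randomisation (ASLR)" and names the "setuid or setgid flag", while the added lines keep only the bare acronym ASLR and paraphrase the flags as a permission flag for running as the owner or owning group. Suggest keeping the expansion once and putting the literal setuid/setgid names in the sentence, for example in parentheses after the paraphrase. In the CVE-2016-3070 entry the word for "vulnerability" is also missing, so the sentence says that a local denial of service was discovered in the AIO code; adding «уязвимость» would match the source. In the CVE-2016-2117 entry "ethernet driver" has become a "local network" driver, which is less specific than the original.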
@@ -138,54 +139,54 @@
<a href="https://security-tracker.debian.org/tracker/CVE-2016-5243">CVE-2016-5243</a>,
<a href="https://security-tracker.debian.org/tracker/CVE-2016-5244">CVE-2016-5244</a>
- - <p>Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA
- - timer, x25, tipc, and rds facilities leaked information from the
- - kernel stack.</p></li>
+ <p>Ð?Ñ?нджи Ð?Ñ? Ñ?ообÑ?ил, Ñ?Ñ?о в USB devio, llc, rtnetlink, ALSA
+ timer, x25, tipc и rds могÑ?Ñ? пÑ?оиÑ?Ñ?одиÑ?Ñ? Ñ?Ñ?еÑ?ки инÑ?оÑ?маÑ?ии из
+ Ñ?Ñ?ека Ñ?дÑ?а.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4565">CVE-2016-4565</a>
- - <p>Jann Horn of Google Project Zero reported that various components
- - in the InfiniBand stack implemented unusual semantics for the
- - write() operation. On a system with InfiniBand drivers loaded,
- - local users could use this for denial of service or privilege
- - escalation.</p></li>
+ <p>Ян ХоÑ?н из Google Project Zero Ñ?ообÑ?ил, Ñ?Ñ?о Ñ?азлиÑ?нÑ?е компоненÑ?Ñ?
+ в Ñ?Ñ?еке InfiniBand Ñ?еализÑ?Ñ?Ñ? необÑ?Ñ?нÑ?Ñ? Ñ?еманÑ?икÑ? длÑ? опеÑ?аÑ?ии
+ write(). Ð? Ñ?иÑ?Ñ?еме Ñ? загÑ?Ñ?женнÑ?ми дÑ?айвеÑ?ами InfiniBand
+ локалÑ?нÑ?е полÑ?зоваÑ?ели могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?казаннÑ?Ñ? пÑ?облемÑ? длÑ? вÑ?зова оÑ?каза
+ в обÑ?лÑ?живании или повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4581">CVE-2016-4581</a>
- - <p>Tycho Andersen discovered that in some situations the Linux kernel
- - did not handle propagated mounts correctly. A local user can take
- - advantage of this flaw to cause a denial of service (system crash).</p></li>
+ <p>ТиÑ?о Ð?ндеÑ?Ñ?ен обнаÑ?Ñ?жил, Ñ?Ñ?о в некоÑ?оÑ?Ñ?Ñ? Ñ?иÑ?Ñ?аÑ?иÑ?Ñ? Ñ?дÑ?о Linux непÑ?авилÑ?но
+ обÑ?абаÑ?Ñ?ваеÑ? пеÑ?еданнÑ?е монÑ?иÑ?ованиÑ?. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ?
+ иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка Ñ?иÑ?Ñ?емÑ?).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4805">CVE-2016-4805</a>
- - <p>Baozeng Ding discovered a use-after-free in the generic PPP layer in
- - the Linux kernel. A local user can take advantage of this flaw to
- - cause a denial of service (system crash), or potentially escalate
- - their privileges.</p></li>
+ <p>Ð?аоÑ?зÑ?н Ð?ин обнаÑ?Ñ?жил иÑ?полÑ?зование Ñ?казаÑ?елей поÑ?ле оÑ?вобождениÑ? памÑ?Ñ?и в обÑ?ем
+ Ñ?лое PPP в Ñ?дÑ?е Linux. Ð?окалÑ?нÑ?й полÑ?зоваÑ?елÑ? можеÑ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ?
+ длÑ? вÑ?зова оÑ?каза в обÑ?лÑ?живании (аваÑ?ийнаÑ? оÑ?Ñ?ановка Ñ?иÑ?Ñ?емÑ?) или поÑ?енÑ?иалÑ?ного
+ повÑ?Ñ?ениÑ? пÑ?ивилегий.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4913">CVE-2016-4913</a>
- - <p>Al Viro found that the ISO9660 filesystem implementation did not
- - correctly count the length of certain invalid name entries.
- - Reading a directory containing such name entries would leak
- - information from kernel memory. Users permitted to mount disks or
- - disk images could use this to obtain sensitive information.</p></li>
+ <p>Ð?л Ð?иÑ?о обнаÑ?Ñ?жил, Ñ?Ñ?о Ñ?еализаÑ?иÑ? Ñ?айловой Ñ?иÑ?Ñ?емÑ? ISO9660 непÑ?авилÑ?но вÑ?полнÑ?еÑ?
+ подÑ?Ñ?Ñ?Ñ? длинÑ? опÑ?еделÑ?ннÑ?Ñ? некоÑ?Ñ?екÑ?нÑ?Ñ? запиÑ?ей имÑ?н.
+ ЧÑ?ение каÑ?алога, Ñ?одеÑ?жаÑ?его Ñ?акие запиÑ?и имÑ?н, пÑ?иводиÑ? к Ñ?Ñ?еÑ?ке
+ инÑ?оÑ?маÑ?ии из памÑ?Ñ?и Ñ?дÑ?а. Ð?олÑ?зоваÑ?ели, коÑ?оÑ?Ñ?е могÑ?Ñ? монÑ?иÑ?оваÑ?Ñ? диÑ?ки или
+ обÑ?азÑ? диÑ?ков, могÑ?Ñ? иÑ?полÑ?зоваÑ?Ñ? Ñ?Ñ?Ñ? Ñ?Ñ?звимоÑ?Ñ?Ñ? длÑ? полÑ?Ñ?ениÑ? Ñ?Ñ?вÑ?Ñ?виÑ?елÑ?ной инÑ?оÑ?маÑ?ии.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-4997">CVE-2016-4997</a> /
<a href="https://security-tracker.debian.org/tracker/CVE-2016-4998">CVE-2016-4998</a>
- - <p>Jesse Hertz and Tim Newsham discovered that missing input sanitising
- - in Netfilter socket handling may result in denial of service. Debian
- - disables unprivileged user namespaces by default, if locally enabled
- - with the kernel.unprivileged_userns_clone sysctl, this also allows
- - privilege escalation.</p></li>
+ <p>Ð?жеÑ?Ñ? Ð?еÑ?Ñ? и Тим Ð?Ñ?Ñ?Ñ?Ñ?м обнаÑ?Ñ?жили, Ñ?Ñ?о оÑ?Ñ?Ñ?Ñ?Ñ?Ñ?вие оÑ?иÑ?Ñ?ки вÑ?однÑ?Ñ? даннÑ?Ñ?
+ в коде обÑ?абоÑ?ки Ñ?океÑ?а Netfilter можеÑ? пÑ?иводиÑ?Ñ? к оÑ?казÑ? в обÑ?лÑ?живании. Ð?о Ñ?молÑ?аниÑ? в
+ Debian оÑ?клÑ?Ñ?енÑ? непÑ?ивилегиÑ?ованнÑ?е полÑ?зоваÑ?елÑ?Ñ?кие пÑ?оÑ?Ñ?Ñ?анÑ?Ñ?ва имÑ?н. Ð?Ñ?ли они
+ вклÑ?Ñ?енÑ? локалÑ?но Ñ? помоÑ?Ñ?Ñ? sysctl kernel.unprivileged_userns_clone, Ñ?о Ñ?Ñ?о позволÑ?еÑ?
+ вÑ?полнÑ?Ñ?Ñ? повÑ?Ñ?ение пÑ?ивилегий.</p></li>
</ul>
- -<p>For the stable distribution (jessie), these problems have been fixed in
- -version 3.16.7-ckt25-2+deb8u2.</p>
+<p>Ð? Ñ?Ñ?абилÑ?ном вÑ?пÑ?Ñ?ке (jessie) Ñ?Ñ?и пÑ?облемÑ? бÑ?ли иÑ?пÑ?авленÑ? в
+веÑ?Ñ?ии 3.16.7-ckt25-2+deb8u2.</p>
- -<p>We recommend that you upgrade your linux packages.</p>
+<p>РекомендÑ?еÑ?Ñ?Ñ? обновиÑ?Ñ? пакеÑ?Ñ? linux.</p>
</define-tag>
# do not modify the following line
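Review bot: the CVE-2016-4997 / CVE-2016-4998 entry drops "also" from "this also allows privilege escalation". In the English the denial of service is the baseline impact and privilege escalation is the additional one when user namespaces are enabled, so the last sentence of the added lines should carry «также». The same entry writes "sysctl kernel.unprivileged_userns_clone" while the CVE-2016-3134 entry in the previous hunk writes "kernel.unprivileged_userns_clone sysctl"; pick one word order and use it in both places.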
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----